Lead Offensive Security Engineers

Sri Lanka·Colombo

OtherEngineers

0 views0 saves0 applied

Apply Now

Quick Summary

Overview

Lead and execute penetration testing engagements covering web applications, APIs, mobile applications, networks, cloud environments, and infrastructure Conduct red team exercises,

Technical Tools

OtherEngineers

Lead and execute penetration testing engagements covering web applications, APIs, mobile applications, networks, cloud environments, and infrastructure
Conduct red team exercises, adversary simulations, and attack emulation activities to evaluate security controls and incident response capabilities
Identify, validate, and exploit vulnerabilities while assessing their business and technical impact
Develop detailed security assessment reports, including risk ratings, remediation recommendations, and executive summaries
Perform security architecture reviews and provide guidance on secure design principles
Research emerging threats, attack techniques, and security vulnerabilities to improve offensive security capabilities
Support incident response investigations by providing attacker methodology analysis and root cause identification
Develop custom scripts, tools, and automation to enhance offensive security testing activities
Collaborate with development, infrastructure, cloud, and security teams to remediate identified vulnerabilities
Mentor and guide junior security engineers and penetration testers
Contribute to security awareness initiatives and technical training programs
Assist in establishing offensive security methodologies, standards, and best practices
Participate in purple team exercises with defensive security teams to improve detection and response capabilities

Requirements

~1 min read

Bachelor's Degree in Cyber Security, Computer Science, Information Technology, or a related field
Minimum 8+ years of experience in Cyber Security, with at least 5 years focused on Offensive Security, Penetration Testing, or Red Team Operations
Strong hands-on experience in web application, API, network, infrastructure, cloud, and mobile security testing
Experience conducting red team operations and advanced adversary simulation exercises
Strong understanding of attack frameworks such as MITRE ATT&CK and Cyber Kill Chain
Experience in identifying and exploiting vulnerabilities such as OWASP Top 10, authentication flaws, privilege escalation, and cloud security weaknesses
Strong knowledge of operating systems including Windows, Linux, and cloud platforms such as AWS, Azure, or GCP
Experience with scripting and automation using Python, PowerShell, Bash, or similar languages
Strong report writing, communication, and stakeholder management skills

Nice to Have

~1 min read

OSCP (Offensive Security Certified Professional)
OSCE / OSEP
CRTO (Certified Red Team Operator)
CREST Certifications
CISSP
GIAC Security Certifications (GPEN, GXPN, GWAPT, etc.)

Experience with cloud penetration testing and container security
Knowledge of Active Directory attack techniques and identity security
Experience with threat emulation and purple team engagements
Familiarity with DevSecOps and secure software development practices
Experience using tools such as Burp Suite, Metasploit, Nmap, BloodHound, Cobalt Strike, Sliver, Nessus, and similar platforms