• The Offensive Security Engineer scopes, designs and executes controlled cybersecurity offensive operations, penetration tests and threat adversary emulation exercises to identify vulnerabilities and risks, evaluate the effectiveness of security controls and the incident response process. • The Offensive Security Engineer documents any identified risks, translates technical findings into clear, actionable recommendations and works with stakeholders to identify appropriate mitigating controls to manage any outstanding risk. • The Offensive Security Engineer works closely with counterparts in defensive teams to improve threat detection and response and engineering teams to mitigate risk before it's introduced into the environment. • Scope, develop and execute penetration tests, purple team assessments and red team exercises. • Design and develop tools, infrastructure and exploits in support of red team operations. • Research and implement assessments based on emerging threats, threat intelligence, and vulnerabilities. • Identify gaps in threat detection, Prevention and response. • Work collaboratively with counterparts in Cyber Defense roles to enhance the firms security posture. • Effectively communicate vulnerabilities, risks and technical findings to stakeholders and work with stakeholders to recommend and validate mitigating controls.

• Conduct intrusion tests (internal and external) in corporate environments, web applications, APIs, networks, operating systems and cloud infrastructure. • Plan, execute and document simulated offensive campaigns (Red Team operations), focusing on defense evasion, lateral movement, persistence and data exfiltration. • Develop and apply adversary simulation techniques, based on frameworks such as MITRE ATT&CK, APT TTPs and other threat intelligence sources. • Use and customize offensive tools such as Cobalt Strike, Metasploit, Empire, Sliver, BloodHound, Burp Suite, among others. • Identify vulnerabilities, misconfigurations and potential attack vectors that could be exploited by malicious actors. • Prepare technical and executive reports with findings, evidence and recommendations for mitigation. • Work closely with Blue Team, SOC and Vulnerability Management teams, supporting Purple Team exercises and improving the organization's defenses. • Continuously update knowledge on new attack techniques, tools, exploits and threat landscape trends.

• Conduct thorough research on target systems, applications, and networks to identify potential vulnerabilities. • Develop and execute custom attack vectors using various tools and techniques (e.g., fuzzing, SQL injection, Cross-Site Scripting (XSS), Server-Side-Request-Forgery (SSRF), Remote Code Execution). • Identify and exploit vulnerabilities in a responsible manner, ensuring that no harm is caused to the system or data being tested. • Document all findings, including detailed descriptions of discovered vulnerabilities, proof-of-concept code, and steps taken to reproduce the issue. • Participate in regular bug bounty programs and contribute to the improvement of our products and services.

• Design, build, and maintain systems to protect digital assets • Architect end-to-end security solutions for multi-cloud environments • Embed automated security scanning into CI/CD pipelines • Serve as technical lead during high-severity security incidents • Manage complex, risk-based vulnerability programs • Ensure technical controls align with evolving global regulations