Lead Offensive Security Engineer (US Remote)

Company Description

Experian is the world’s leading global information services company, unlocking the power of data to create more opportunities for consumers, businesses and society. We are thrilled to share that FORTUNE has named Experian one of the 100 Best Companies to work for. In addition, for the last five years we’ve been name in the 100 “World’s Most Innovative Companies” by Forbes Magazine.

Job Description

What you’ll be doing

Experian’s Offensive Security team is charged with improving the organization’s security posture through clarifying risk and verifying the efficacy of our technical, people, physical and process controls from an attacker perspective. In order to accomplish this, the team performs regular Adversary Simulation (Red Team) testing, leads and contributes to Purple Team Exercises and performs Ad-Hoc and Tactical Assessments based on changes to the threat landscape and organizational needs.

As a Lead Engineer within the Offensive Security team, you will lead and participate in the design and execution of both campaign-based adversary simulation assessments and tactical assessments, whilst contributing to collaborative Purple Team exercises. Successful team members must be capable of evaluating environments, applications, systems and processes to discover weaknesses, and subsequently leverage those discoveries into actionable real-world attack strategies. In addition, all team members are expected to be able to provide an “attacker perspective” and be able to effectively communicate highly complex technical issues to a variety of audiences.

To succeed in this role the candidate will possess breadth and depth of knowledge in security of operating systems, networking and protocols, firewalls, databases and middleware applications, forensics, scripting and programming. All Offensive Security team members are expected to continuously improve their tradecraft through research, to add breadth and depth to their knowledge.

Responsibilities

• Collaborate closely with other teams within the Cyber Fusion Centre and the wider organization to ensure threat-informed Cyber Risks are understood and articulated appropriately, with a goal of contributing to the successful defense of the organization
• Perform engagement at multiple organizational levels, from senior leaders to technical analysts to help drive risk understanding and verify the efficacy of remediation/mitigative actions
• Actively participate in performing physical exploitation, network exploitation and social engineering assessments against authorized targets
• Leverage CyberThreat Intelligence, Offensive Security Research, previous Adversary Simulation (Red Team) findings and internal risk intelligence to develop test cases demonstrating TTP effectiveness against Experian’s control environment
• Continuously research and stay up to date with the latest cyber threats, attack vectors and attacker methodologies
• Provide remediation recommendations across the organization to aid with mitigation of identified Cyber Risks
• Actively engage in all phases of Offensive Security operations
• Develop scripts, tools and methodologies to increase Offensive Security’s capabilities and educate other team members
• Leverage MITRE ATT&CK Framework and other structured attack analysis tools to describe and classify attacker methodology and significance

Qualifications

What your background looks like

• Relevant, recent and verifiable experience in offensive security and adversary simulation
• Detailed knowledge of global cyber threats, threat actors, and the tactics, techniques and procedures used by cyber adversaries, specifically those targeting the financial services and healthcare sectors
• 10+ years’ experience in Cyber Security in enterprise environments
• 5+ years’ experience in two or more of the following areas:
  • Network penetration testing and manipulation of network infrastructure
  • Web application penetration testing assessments
  • Email, phone, or physical social-engineering assessments
  • Developing, extending, or modifying exploits, shell code or exploit tools
  • Red/Purple teaming exercises
  • Covert physical intrusion
  • Cloud security or penetration testing (any major provider)
• Industry certifications such as OSCP, OSCE, OSWE, GPEN, GCIH, GWAPT, or GXPN or equivalent experience
• Proficient in attacker tooling, including post-exploitation frameworks and tooling
• Proficient in one or more of the following programming languages (C, C++, C#, Go)
• Proficient in one or more of the following scripting languages (Python, PowerShell, Bash, Ruby)
• Excellent communicator, both written and oral, particularly around Threat and Risk
• Knowledge of current cloud attack methodologies and mitigations
• Advanced knowledge of Windows Operating System architecture and internals and use thereof in an enterprise environment
• Strong knowledge of core Information Technology concepts such as TCP/IP networking, Windows & Active Directory, Unix/Linux, Mainframe, Cloud Service Providers, Relational Databases, Data Warehouses, and filesystems
• Extensive knowledge of IT technologies and methods to secure them, specifically for databases, SharePoint, storage area networks, cloud-based storage, and data warehouses

Perks

• ​​​​​​20 days of vacation accrued annually, five sick days, and two volunteer days (plus twelve paid holidays)
• Competitive pay and comprehensive benefits package, with a bonus target of 20%
• This role can be 100% remote long-term or you can work out of one of our offices
• People-focused culture where personal and professional growth is prioritized
• Recognition and celebration of performance and achievements
• Power to bring your whole self to work – where your differences and values will be respected and celebrated
• Employee Resource Groups set up and run by employees, for employees. These networks build, celebrate, and further understanding of the diverse identity and experiences within Experian, in support of our commitment to diversity and inclusion
• International network of peers; mentorship programs

Additional Information

All your information will be kept confidential according to EEO guidelines.

Our compensation reflects the cost of labor across several U.S. geographic markets. The base pay range for this position is listed above. Within this range, individual pay is determined by work location and additional factors such as job-related skills, experience and education. This position is also eligible for a variable pay opportunity and a comprehensive benefits package which includes health, life and disability insurance, generous paid time off including paid parental and family care leave, an employee stock purchase plan and a 401(k) plan with a company match.

Experian is proud to be an Equal Opportunity and Affirmative Action employer. We’re passionate about unlocking the power of data to transform lives and create opportunities for consumers, businesses, and society. For more than 125 years, we’ve helped people and economies flourish – and we’re not done.

We take our people’s agenda very seriously. We focus on what truly matters; diversity and inclusion, work/life balance, flexible working, development, collaboration, wellness, reward & recognition, volunteering, making an impact... the list goes on. See our DEI work in action!

The power of YOU. We are building a culture where everyone is comfortable bringing their whole self to work. A place where we not only respect our differences and values but celebrate them in a positive and supportive environment.

Find out what is like to work for Experian and discover the Unexpected!