8 Offensive Security Jobs

Join our diverse team as we embark on our roadmap to strengthen Macquarie's security posture. You will collaborate with a team of security professionals to deliver complex offensive security engagements and contribute to Macquarie's security practices at both tactical and strategic levels. At Macquarie, our advantage is bringing together diverse people and empowering them to shape all kinds of possibilities. We are a global financial services group operating in 31 markets and with 56 years of unbroken profitability. You'll be part of a friendly and supportive team where everyone - no matter what role - contributes ideas and drives outcomes. You will be responsible for executing penetration tests, evaluating findings, reporting results, providing remediation advice, and improving security testing processes. Additionally, you will contribute to Macquarie's security practices at both tactical and strategic levels. What You Offer: - Strong hands-on experience of 9 to 13 years in either security testing or software development. - A solid theoretical background in offensive security subjects, such as web application security, mobile security, and infrastructure security (including cloud and containers) and thick client application. - A willingness to learn, discover, and apply the latest offensive security tactics, techniques, and procedures. - The ability to perform thorough analyses and strive to identify the root causes behind vulnerabilities. - The ability to effectively convey technical insights to both technical and non-technical audiences, including C-level executives, through written and verbal communication. - Practical certifications such as BSCP, CBBH, CPTS, OSCP, or OSWE are considered an advantage. We love hearing from anyone inspired to build a better future with us, if you're excited about the role or working at Macquarie we encourage you to apply. Macquarie employees can access a wide range of benefits which, depending on eligibility criteria, include: - Hybrid and flexible working arrangements - One wellbeing leave day per year - Up to 20 weeks paid parental leave as well as benefits to support you as you transition to life as a working parent - Paid volunteer leave and donation matching - Other benefits to support your physical, mental and financial wellbeing - Access a wide range of learning and development opportunities Technology enables every aspect of Macquarie, for our people, our customers, and our communities. We're a global team that is passionate about accelerating the digital enterprise, connecting people and data, building platforms and applications, and designing tomorrow's technology solutions.,

As part of its mission to detect and monitor vulnerabilities of all Safran' systems exposed over the Internet, the cybersecurity team of the Digital and Information System Department needs to reinforce its vulnerability assessment team. The objective of the job is to detect vulnerabilities affecting Safran's assets exposed on the internet in order to reduce the attack surface . By using a scalable means of continuously monitoring, you will identify risky elements and define efficient remedial action. Role & responsibilities Assets Discovery: - Use ASM platform to discover and continuously monitor Safran's technical assets exposed on the Internet. - Follow the evolution of these assets over time - Complete inventory of Safran's internet assets Vulnerability assessment: - Detect Vulnerabilities and policy violations - Evaluate supplier risk and assess the security of acquired companies. - Identify critical vulnerabilities in assets that cyber attackers could exploit - Investigate and recommend appropriate corrective actions - Detect false positive using tools or manual methods - Directly report to operational team when a vulnerability is detected - Review escalated cases until closure Vulnerability reporting: - Ensure an appropriate reporting - Prepare meetings and draw reports - Monthly meetings with different stakeholders (with operational teams, CISO, cybersecurity team) Preferred candidate profile Cortex Xpanse - Attack Surface Management platform. SecurityScorecard - Security Ratings & Cybersecurity Risk platform

Malware & Threat Intelligence Research – Offensive Security Researcher https://zrec.in/5789h?source=CareerSite

Apply on company website- https://zrec.in/hIRJh?source=CareerSite

Job Title: Manager - Offensive Security (IC Role / Operational Lead) We're seeking a highly skilled offensive security specialist to lead and drive offensive security operations within our cybersecurity program. While this is an individual contributor (IC) position, the title Manager reflects the role's strategic and operational leadership - not people management. The ideal candidate will have 5-7 years of hands-on experience in red teaming, adversary simulation, or penetration testing, with a strong grasp of attack techniques and the ability to plan, coordinate, and execute advanced offensive assessments. You will be responsible for shaping offensive engagements, guiding technical direction, collaborating with internal teams, and ensuring that offensive operations align with real-world threats and business risk. If you're a technically strong operator who can lead from the front , connect offensive insights to organizational impact, and drive continuous improvement in testing capabilities, this role is for you. Key Responsibilities: Lead offensive security operations end-to-end - from scoping and planning to execution and reporting. Design, coordinate, and execute advanced attack simulations aligned to the MITRE ATT&CK framework. Develop and lead Red Team and adversary emulation campaigns across infrastructure, applications, and cloud environments. Identify and exploit security gaps using real-world TTPs including privilege escalation, lateral movement, and domain dominance. Collaborate closely with defensive teams during Purple Team exercises to enhance detection and response capabilities. Own and improve Red Team methodologies, tools, playbooks, and workflows. Deliver high-quality technical reports and executive-level summaries with clear articulation of attack paths, risks, and mitigations. Stay ahead of the curve on evolving attacker techniques and incorporate them into offensive strategy. Mentor junior red teamers and act as the primary technical escalation point for offensive assessments. Represent offensive operations in internal security reviews and technical steering meetings. Experience: 5-7 years of hands-on experience in Red Teaming, Penetration Testing, or Offensive Security roles. Proven experience in leading complex offensive assessments across enterprise environments. Experience in managing offensive operations, engagement lifecycle, and cross-team coordination. Technical Skills: Deep understanding of Windows and Linux internals, enterprise AD security, and cloud attack surfaces. Proficient in lateral movement techniques, domain escalation, Kerberoasting, delegation abuse, and token manipulation. Comfortable with C2 frameworks (e.g., Cobalt Strike, Sliver, Mythic) and OPSEC-aware post-exploitation. Hands-on experience with tools like BloodHound, Mimikatz, Rubeus, Responder, SharpHound, Burp Suite, etc. Strong familiarity with the MITRE ATT&CK framework and applying it operationally. Scripting experience in PowerShell, Python, or Bash for PoCs, tooling, or automation. Communication & Reporting: Strong technical documentation and reporting skills - ability to translate offensive findings into structured, actionable reports. Ability to confidently present findings, attack paths, and risk narratives to both technical and leadership stakeholders. Skilled in articulating the business impact of technical vulnerabilities and threat scenarios. Preferred Qualifications: Experience leading Purple Team engagements and cross-functional security exercises. Exposure to threat intelligence-led Red Teaming methodologies (e.g., TIBER-EU, CBEST). Familiarity with Application Security (AppSec) testing methodologies. Exposure to AI/ML Red Teaming or adversarial testing of AI models and pipelines. Understanding of EDR/AV evasion, payload delivery, and defense bypass strategies. Experience in building offensive tools or attack automation frameworks. Relevant certifications: OSCP, CRTO, CRTP, OSEP , or equivalent.

Dear Candidate, Greetings from Northern Trust! Northern Trust is currently having an exciting vacancy of Associate, Cyber Security position for our Pune location. Your profile seems to be matching the requirement. Please find below the company and job details for your reference Company Details: Northern Trust, a Fortune 500 company, is a globally recognized, award-winning financial institution that has been in continuous operation since 1889. Northern Trust is proud to provide innovative financial services and guidance to the worlds most successful individuals, families, and institutions by remaining true to our enduring principles of service, expertise, and integrity. With more than 130 years of financial experience and over 22,000 partners, we serve the worlds most sophisticated clients using leading technology and exceptional service. Job Role: Associate, Cyber Security Job Location: Pune Experience: 4 to 8 years Skills: Security operations, Offensive Security, ServiceNow, OSCP Job Description: Role/ Department: The Purple Team Analyst will work as part of the wider Global Threat Management team in the continuous development of the cyber operations program. The purple team will work very closely with The Global Threat Management Team. The Global Threat Management Team is responsible for vulnerability management, threat technology management and security monitoring. The key responsibilities of the role include: Working with the wider technology teams to improve technology hygiene and reduce the attack surface. Design and run exercise campaigns based on industry specific threat intelligence and vulnerabilities. Provide continuous learning and training opportunities for the Global Threat Management team as a result of continuous exercise campaigns. Act as an integral driver of the cyber operations development programme, benchmarking results against industry standard frameworks including MITRE and NIST. Configure and safely utilize attack tools, tactics, and procedures against a simulation lap. Develop scripts, tools, or methodologies to enhance purple teaming capabilities. Help to execute the Purple Team strategy to further enhance the security posture of the firm. Effectively communicate findings and strategy to stakeholders including technical staff, executive leadership. Skills/ Qualifications: Relevant experience in information security and adversary simulation. Detailed knowledge of global cyber threats, threat actors, and the tactics, techniques and procedures used by cyber adversaries, specifically those targeting the financial services sector. Experience in large scale information technology implementations and operations preferred. Industry certifications such as OSCP, OSCE, OSWE, GPEN, GCIH, GWAPT, or GXPN. Proficient in exploitation and post exploitation frameworks such as Cobalt Strike, Metasploit Framework, Empire. Proficient in one or more of the following scripting languages (Python, PowerShell, Bash, Ruby) Advanced knowledge of Windows Operating System architecture and internals. Strong knowledge of core Information Technology concepts such as TCP/IP networking, Windows & Active Directory, Unix/Linux, Mainframe, Cloud Service Providers, Relational Databases, Data Warehouses, and filesystems. If you are interested to pursue this opportunity further, kindly respond back with your resume and details at the earliest. Regards, Northern Trust Talent Acquisition Team

Location: Mumbai (Candidates should be born and brought up in Mumbai) Experience: 5-7 years Notice Period: Immediate to 30 days ________________________________________ We are seeking a Pen tester (Penetration Testing) to join our cybersecurity team. The ideal candidate will have proven experience in penetration testing, vulnerability assessment, and offensive security operations. Key Responsibilities: Conduct penetration testing on web applications, ERP, SAP systems, and infrastructure assets. Draft business risk-oriented reports and assist teams in mitigating identified vulnerabilities. Contribute to the creation and implementation of security tools to secure the Saint-Gobain environment. Participate in Red Team and Purple Team exercises. Define and implement quality and performance metrics for the cybersecurity roadmap. Qualifications: Educational Background: Bachelors degree in Computer Science or Information Security; relevant certifications (e.g., OSCP, CRTP, CompTIA Security+) are a plus. Technical Expertise: Hands-on experience in web application and API penetration testing tools. Knowledge Areas: o Strong understanding of OWASP Top 10 or SANS Top 25. o Familiarity with malware, TCP/UDP packets, IDS/IPS, web proxies, SIEM, DNS security, and firewalls. o Basic knowledge of ERP and SAP systems. o Mobile and thick client application penetration testing. Skills: Scripting experience (e.g., Python, Bash, Powershell, C#) for automation. Participation in CTF challenges (Hack the Box, Root Me, TryHackMe) is a plus.

Job Description Do you want to lead teams that find and exploit security vulnerabilities in Fortune 100 companies, critical infrastructure, and public sector agencies impacting millions of users? Join Securins Offensive Security Team where you'll emulate real-world attacks and oversee advanced offensive operations. We are a cross-disciplinary group of red teamers, adversarial AI researchers, and software developers dedicated to finding and fixing vulnerabilities across critical digital ecosystems. Role & responsibilities - Lead and perform advanced offensive security assessments, including Red Team operations, threat-based evaluations, and vulnerability exploitation. - Supervise and mentor a team of offensive engineers, manage task prioritization, and ensure high-quality delivery. - Execute Red Team operations on production systems, including AI platforms, using real-world adversarial tactics. - Provide strategic and technical security guidance to internal and external stakeholders. - Collaborate cross-functionally to integrate findings into enterprise detection and defense strategies. - Research and develop adversary TTPs across the full attack lifecycle. - Build tools to automate and scale offensive emulation and vulnerability discovery, utilizing AI/ML systems. - Continuously evaluate and enhance assessment methodologies and frameworks used by the team. - Contribute to the security community through publications, presentations, bug bounties, and open-source projects. Required Qualifications - 5+ years of experience in offensive security, red teaming, or penetration testing with at least 1 year in a leadership role. - Bachelors or Masters degree in Computer Science, Computer Engineering, or relevant field; or equivalent experience. - Expert knowledge of offensive security tactics, threat modeling, APT emulation, and Red Team operations. - Strong understanding of MITRE ATT&CK framework and exploitation of common vulnerabilities. - Proficiency in one or more programming/scripting languages (Python, Go, PowerShell, C/C++, etc.). - Hands-on experience with penetration testing tools such as Metasploit, Burp Suite Pro, NMAP, Nessus, etc. - Familiarity with security in cloud environments (AWS, Azure, GCP) and across Windows/Linux/macOS platforms. - Ability to clearly articulate findings to technical and executive audiences and lead mitigation efforts. - Authorization to work in the country of employment at time of hire and ongoing during employment. Preferred Qualifications - Certifications like OSCP, OSCE, OSEP, CRTO, or equivalent. - Experience with Purple Team operations and threat intelligence integration. - Track record in CTF competitions or bug bounty programs. - Reverse engineering experience or malware analysis expertise. - Exposure to Responsible AI and adversarial machine learning. - Participation in AI Village at DEFCON or similar security research events. - Publications or contributions to conferences such as AISec, NeurIPS, FAccT, or IC4. Other Requirements Ability to meet Securin, customer, and/or government security screening requirements. This includes a background check at the time of hire/transfer and every two years thereafter. Who Should Apply You have experience executing technical research and offensive security strategies with teams. You are skilled in experimental security science and confident in building your own tools. You clearly communicate findings, are mission-driven, and want to drive change in AI and cybersecurity. Role-Specific Policy This hybrid role requires in-office presence at least 50% of the time. Locations: Chennai, Tamil Nadu (India)