Senior Offensive Security Engineer, Penetration Testing
Brak informacji o wynagrodzeniu
SeniorFull-time·Umowa o pracę
#382163·Dodano 8 dni temu·1
Źródło: P>ech Stack / Keywords
SecurityTestingGoCloudNetworksIoTAILLM
Firma i stanowisko
The Information Security Protect organization at Procter & Gamble is responsible for simulating threat actor behaviors and scenarios to improve applications, systems, detection, and response capabilities through regular security control testing across the enterprise.
Wymagania
- Bachelor’s degree or equivalent in Information Security, Cybersecurity, Computer Science, or related field, or 7+ years of relevant experience.
- 5+ years of experience in penetration testing, offensive security, adversary simulation, application security testing, or security research in complex environments.
- Demonstrated ability to lead complex penetration tests, manage ambiguity, make technical decisions, guide testers, and serve as an escalation point for high-risk findings.
- Deep experience identifying, exploiting, and chaining weaknesses across at least three domains such as web applications, APIs, mobile, cloud infrastructure, enterprise apps, databases, networks, servers, IoT devices, identity platforms, directory services, or AI-enabled systems.
- Strong ability to automate offensive security tasks and build tooling using languages such as Python, PowerShell, Go, C#, JavaScript, C/C++, Assembly, or similar.
- Advanced Linux command-line experience and strong familiarity with Windows, enterprise environments, and common administrative tooling.
- Hands-on experience with at least one major cloud provider such as GCP, AWS, or Azure, including attack paths, misconfigurations, identity models, and cloud-native services.
- Ability to read and understand source code across multiple languages to identify security flaws and exploitability.
- Proven ability to test or bypass preventative and detective controls while operating safely within approved scope and rules of engagement.
- Experience creating automation, tools, or AI-enabled workflows to improve offensive security effectiveness, efficiency, coverage, or quality.
- Familiarity with security risks in AI-enabled technologies such as prompt injection, insecure agent or tool execution, sensitive data exposure, model misuse, authorization bypass, and AI application abuse cases.
- Strong written and verbal communication skills for briefing technical teams, security teams, and leadership.
Nice to have:
- Offensive security certifications such as OSCP, OSWE, OSEP, OSCE, GXPN, GPEN, GWAPT, or similar.
- Public tools, research contributions, conference talks, blog posts, CVEs, open-source contributions.
- Experience developing AI-assisted security tools, agentic workflows, vulnerability triage systems, exploit helpers, or report-generation pipelines.
- Experience testing AI applications, LLM-based systems, AI agents, RAG systems, and AI-enabled business workflows.
- Experience with mobile, IoT, embedded systems, firmware, reverse engineering, radio-frequency testing, or hardware exploitation.
- Experience with cloud and identity attack paths involving SSO, MFA, OAuth, service principals, IAM, secrets exposure, conditional access, PAM, or privilege escalation.
- Experience collaborating with DFIR, SOC, Detection Engineering, Application Security, Cloud Security, Product Security, and Vulnerability Management teams.
- Experience building penetration testing methodologies, reporting standards, reusable playbooks, tooling, metrics, remediation validation processes, or team knowledge bases.
Obowiązki
- Lead complex, ambiguous, high-risk, or multi-domain penetration tests across applications, APIs, infrastructure, cloud, identity, networks, IoT, mobile, and enterprise environments.
- Partner with Intake Management and stakeholders to validate objectives, challenge technical assumptions, identify engagement risks, and shape the testing approach.
- Own technical execution strategy for complex engagements, including attack path development, safe exploitation, evidence standards, peer review, reporting quality, and remediation validation.
- Identify, exploit, and chain vulnerabilities across systems and domains to demonstrate realistic business impact and remediation priority.
- Design and execute control validation paths, including testing or bypassing preventative and detective controls, and document gaps to support remediation and defensive improvement.
- Serve as the technical escalation point for complex, novel, high-impact, or ambiguous findings from penetration tests, VDP, and Bug Bounty submissions.
- Review complex findings and reports from other testers to ensure technical accuracy, impact clarity, evidence quality, and remediation usefulness.
- Work with engineering, product, cloud, infrastructure, and security teams to translate findings into practical remediation and risk reduction.
- Partner with Cyber Defense Protect, Detect, and Respond teams to operationalize findings and improve defensive controls.
- Design, build, and govern internal tools, automation, and AI-assisted workflows to improve team scale, consistency, coverage, triage, exploitation support, reporting, and remediation validation.
- Lead security testing of AI-enabled applications, LLM systems, AI agents, RAG pipelines, model integrations, tool/plugin execution, and AI-specific abuse paths.
- Produce executive-ready risk narratives and technical reports tied to business impact, exploitability, and remediation priority.
- Mentor junior testers, provide peer review, and raise standards for methodology, exploit quality, documentation, safety, and communication.
- Drive team maturity through methodology standardization, reusable playbooks, technical review practices, tooling, metrics, knowledge sharing, and process improvement.
Benefity
- P&G-sized projects and access to world-leading IT partners and technologies from Day 1.
- Wide range of self-development possibilities including training and certification paths.
- Competitive starting salary and benefits program including private health care, P&G stock, saving plans, and sport cards.
- Regular salary increases and possible promotions in line with results and performance.
- Opportunity to change role every few years to align with personal and company best interests.
- Hybrid work model allowing work from home two days a week with collaborative in-office time.
Opieka zdrowotna
Karta sportowa
Udziały pracownicze
Inne informacje
Employment is exclusively based on "Umowa o Pracę" (Full-time Employment Contract). Apply only if you agree to these conditions. Procter & Gamble is an equal opportunity employer providing reasonable accommodations during the application process.
P&G
26 aktywnych ofert