Offensive Security Engineer
As an Offensive Security Engineer, you’ll play a key role in helping Degreed stay ahead of evolving threats. You’ll lead and execute red team engagements, penetration tests, and threat simulations to uncover and validate vulnerabilities across our cloud, application, and infrastructure environments.
You’ll collaborate closely with security operations, detection, and engineering teams to translate findings into real improvements, strengthening our defenses and making a measurable impact on how we protect our people, data, and platform.
Key Skills
3–5 years of experience in offensive security, penetration testing, or red teaming roles.
Demonstrated ability to exploit systems ethically and communicate technical risk to engineering and business teams.
Hands-on experience with offensive tools such as Cobalt Strike, Metasploit, Burp Suite, or custom-built tools.
Solid understanding of attack chains across cloud (Azure/AWS), infrastructure, endpoints, and APIs.
Familiarity with MITRE ATT&CK, OWASP Top 10, and post-exploitation techniques.
Nice to Have
Certifications such as OSCP, CRTO, GPEN, or similar red team/pentest credentials.
Experience with scripting and automation (e.g., PowerShell, Python).
Exposure to threat detection engineering and EDR/XDR technologies (e.g., Defender, SentinelOne, Splunk).
Participation in bug bounty programs, CTF competitions, or community red teaming engagements.
Knowledge of secure software development practices and DevSecOps concepts.
Key Responsibilities
Red Teaming & Offensive Security
Plan and execute offensive assessments, including internal/external pen tests, phishing campaigns, and assumed breach exercises.
Simulate real-world threats using frameworks like MITRE ATT&CK, performing lateral movement, privilege escalation, and safe data access operations.
Build and maintain red team infrastructure, tools, and custom payloads to test and enhance detection and response capabilities.
Vulnerability Validation & Testing
Validate vulnerabilities to assess true risk and support prioritized remediation.
Perform manual and automated testing of APIs, cloud environments, apps, and internal systems.
Collaborate with detection engineers to fine-tune alerts and improve visibility into adversarial behaviors.
Security Hardening & Collaboration
Identify control gaps and advise infrastructure and DevOps teams on remediation and hardening.
Support purple team exercises and secure architecture reviews with offensive security insights.
Share findings, attack paths, and recommendations through well-documented post-exercise reports.
Performance Expectations
Deliver red team findings that drive measurable risk reduction.
Regularly conduct assessments with clear reporting and responsible disclosure.
Partner cross-functionally to strengthen detection, response, and resilience.
Maintain a proactive mindset and contribute to a culture of continuous security improvement.
Compensation
We are committed to fair and equitable compensation practices.
The total pay range for this role is $150,000 - $185,000. Actual compensation packages are based on several factors that are unique to each candidate, including but not limited to: skill set, depth of experience, certifications, and specific work location.
About the job
Apply for this position
Offensive Security Engineer
As an Offensive Security Engineer, you’ll play a key role in helping Degreed stay ahead of evolving threats. You’ll lead and execute red team engagements, penetration tests, and threat simulations to uncover and validate vulnerabilities across our cloud, application, and infrastructure environments.
You’ll collaborate closely with security operations, detection, and engineering teams to translate findings into real improvements, strengthening our defenses and making a measurable impact on how we protect our people, data, and platform.
Key Skills
3–5 years of experience in offensive security, penetration testing, or red teaming roles.
Demonstrated ability to exploit systems ethically and communicate technical risk to engineering and business teams.
Hands-on experience with offensive tools such as Cobalt Strike, Metasploit, Burp Suite, or custom-built tools.
Solid understanding of attack chains across cloud (Azure/AWS), infrastructure, endpoints, and APIs.
Familiarity with MITRE ATT&CK, OWASP Top 10, and post-exploitation techniques.
Nice to Have
Certifications such as OSCP, CRTO, GPEN, or similar red team/pentest credentials.
Experience with scripting and automation (e.g., PowerShell, Python).
Exposure to threat detection engineering and EDR/XDR technologies (e.g., Defender, SentinelOne, Splunk).
Participation in bug bounty programs, CTF competitions, or community red teaming engagements.
Knowledge of secure software development practices and DevSecOps concepts.
Key Responsibilities
Red Teaming & Offensive Security
Plan and execute offensive assessments, including internal/external pen tests, phishing campaigns, and assumed breach exercises.
Simulate real-world threats using frameworks like MITRE ATT&CK, performing lateral movement, privilege escalation, and safe data access operations.
Build and maintain red team infrastructure, tools, and custom payloads to test and enhance detection and response capabilities.
Vulnerability Validation & Testing
Validate vulnerabilities to assess true risk and support prioritized remediation.
Perform manual and automated testing of APIs, cloud environments, apps, and internal systems.
Collaborate with detection engineers to fine-tune alerts and improve visibility into adversarial behaviors.
Security Hardening & Collaboration
Identify control gaps and advise infrastructure and DevOps teams on remediation and hardening.
Support purple team exercises and secure architecture reviews with offensive security insights.
Share findings, attack paths, and recommendations through well-documented post-exercise reports.
Performance Expectations
Deliver red team findings that drive measurable risk reduction.
Regularly conduct assessments with clear reporting and responsible disclosure.
Partner cross-functionally to strengthen detection, response, and resilience.
Maintain a proactive mindset and contribute to a culture of continuous security improvement.
Compensation
We are committed to fair and equitable compensation practices.
The total pay range for this role is $150,000 - $185,000. Actual compensation packages are based on several factors that are unique to each candidate, including but not limited to: skill set, depth of experience, certifications, and specific work location.