drjobs Offensive Security Analyst

Offensive Security Analyst

Employer Active

1 Vacancy
drjobs

Job Alert

You will be updated with latest job alerts via email
Valid email field required
Send jobs
Send me jobs like this
drjobs

Job Alert

You will be updated with latest job alerts via email

Valid email field required
Send jobs
Job Location drjobs

Charlotte - USA

Monthly Salary drjobs

Not Disclosed

drjobs

Salary Not Disclosed

Vacancy

1 Vacancy

Job Description

Global Risk and Security (GR&S) at Vanguard enables business strategy protects client and Vanguard interests (e.g. assets and data) and stewards a strong risk culture. Our teams leverage enterprise-wide insights deep expertise and trusted advice so that across Vanguard leaders and crew drive faster stronger risk-informed decisions.

Were seeking a highly skilled and motivated offensive security professional with a passion for Red Teaming and adversarial simulation. This role is ideal for someone who thrives on uncovering weaknesses in complex systems particularly across web applications and cloud infrastructure and who can think like an attacker to help us stay ahead of evolving threats.

Key Responsibilities:

  • Lead and execute advanced web application penetration tests and cloud-focused Red Team engagements simulating real-world adversaries.
  • Identify exploit and document vulnerabilities in web apps APIs and cloud platforms (AWS Azure GCP) delivering actionable risk assessments and remediation guidance.
  • Design and conduct adversarial simulations to test detection and response capabilities across hybrid environments.
  • Collaborate with development cloud and security engineering teams to harden applications and infrastructure.
  • Develop and maintain custom tools scripts and payloads to support Red Team operations and web/cloud exploitation.
  • Produce detailed high-impact reports and debriefs for both technical and executive audiences.
  • Stay ahead of the curve by researching emerging threats TTPs and vulnerabilities relevant to web and cloud ecosystems.
  • Contribute to threat modeling purple team exercises and incident response investigations.
  • Mentor junior team members and foster a culture of continuous learning and offensive innovation.

Required Qualifications:

  • Proven experience in Red Team operations adversary emulation or advanced penetration testing.
  • Deep expertise in web application security including OWASP Top 10 authentication/authorization session management and input validation.
  • Strong hands-on experience with cloud platforms (AWS Azure GCP) and their security models.
  • Proficiency with offensive tooling such as Burp Suite Cobalt Strike Metasploit custom scripts and cloud-native attack tools.
  • Demonstrated ability to exploit vulnerabilities such as SQLi XSS CSRF SSRF RCE XXE IDOR and privilege escalation in cloud environments.
  • Familiarity with frameworks like MITRE ATT&CK PTES and NIST 800-115.
  • Strong scripting/programming skills (Python PowerShell Bash JavaScript) for automation and exploit development.
  • Excellent communication skills and the ability to clearly articulate complex findings to diverse audiences
  • Offensive Security Certified Professional (OSCP) required

Preferred Certifications:

  • OSWE (Offensive Security Web Expert)
  • OSEP (Offensive Security Experienced Penetration Tester) techniques.
  • CRTO (Certified Red Team Operator)
  • GXPN (GIAC Exploit Researcher and Advanced Penetration Tester)
  • GCPN (GIAC Cloud Penetration Tester)

Additional Skills (Preferred but not Required):

  • Cloud-native attack simulation: Experience with adversary emulation in AWS Azure or GCP using tools like Pacu CloudGoat or custom scripts.
  • Detection evasion and stealth techniques: Familiarity with bypassing EDR WAFs and other security controls during Red Team operations.
  • Purple teaming collaboration: Ability to work closely with Blue Teams to improve detection and response through collaborative exercises.
  • CI/CD pipeline exploitation: Understanding of how to identify and exploit weaknesses in DevOps workflows and build systems.
  • Knowledge of identity and access abuse: Skills in abusing SSO OAuth SAML and misconfigured IAM roles or policies.
  • Experience with threat intelligence: Ability to incorporate real-world TTPs from APT groups or threat actors into Red Team scenarios.

Special Factors

Sponsorship

Vanguard is not offering visa sponsorship for this position.

About Vanguard

At Vanguard we dont just have a missionwere on a mission.

To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne our mission drives us forward and inspires us to be our best.

How We Work

Vanguard has implemented a hybrid working model for the majority of our crew members designed to capture the benefits of enhanced flexibility while enabling in-person learning collaboration and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.


Required Experience:

IC

Employment Type

Full-Time

Company Industry

About Company

Report This Job
Disclaimer: Drjobpro.com is only a platform that connects job seekers and employers. Applicants are advised to conduct their own independent research into the credentials of the prospective employer.We always make certain that our clients do not endorse any request for money payments, thus we advise against sharing any personal or bank-related information with any third party. If you suspect fraud or malpractice, please contact us via contact us page.