Offensive Security Analyst

Global Risk and Security (GR&S) at Vanguard enables business strategy protects client and Vanguard interests (e.g. assets and data) and stewards a strong risk culture. Our teams leverage enterprise-wide insights deep expertise and trusted advice so that across Vanguard leaders and crew drive faster stronger risk-informed decisions.

Were seeking a highly skilled and motivated offensive security professional with a passion for Red Teaming and adversarial simulation. This role is ideal for someone who thrives on uncovering weaknesses in complex systems particularly across web applications and cloud infrastructure and who can think like an attacker to help us stay ahead of evolving threats.

Key Responsibilities:

• Lead and execute advanced web application penetration tests and cloud-focused Red Team engagements simulating real-world adversaries.
• Identify exploit and document vulnerabilities in web apps APIs and cloud platforms (AWS Azure GCP) delivering actionable risk assessments and remediation guidance.
• Design and conduct adversarial simulations to test detection and response capabilities across hybrid environments.
• Collaborate with development cloud and security engineering teams to harden applications and infrastructure.
• Develop and maintain custom tools scripts and payloads to support Red Team operations and web/cloud exploitation.
• Produce detailed high-impact reports and debriefs for both technical and executive audiences.
• Stay ahead of the curve by researching emerging threats TTPs and vulnerabilities relevant to web and cloud ecosystems.
• Contribute to threat modeling purple team exercises and incident response investigations.
• Mentor junior team members and foster a culture of continuous learning and offensive innovation.

Required Qualifications:

• Proven experience in Red Team operations adversary emulation or advanced penetration testing.
• Deep expertise in web application security including OWASP Top 10 authentication/authorization session management and input validation.
• Strong hands-on experience with cloud platforms (AWS Azure GCP) and their security models.
• Proficiency with offensive tooling such as Burp Suite Cobalt Strike Metasploit custom scripts and cloud-native attack tools.
• Demonstrated ability to exploit vulnerabilities such as SQLi XSS CSRF SSRF RCE XXE IDOR and privilege escalation in cloud environments.
• Familiarity with frameworks like MITRE ATT&CK PTES and NIST 800-115.
• Strong scripting/programming skills (Python PowerShell Bash JavaScript) for automation and exploit development.
• Excellent communication skills and the ability to clearly articulate complex findings to diverse audiences
• Offensive Security Certified Professional (OSCP) required

Preferred Certifications:

• OSWE (Offensive Security Web Expert)
• OSEP (Offensive Security Experienced Penetration Tester) techniques.
• CRTO (Certified Red Team Operator)
• GXPN (GIAC Exploit Researcher and Advanced Penetration Tester)
• GCPN (GIAC Cloud Penetration Tester)

Additional Skills (Preferred but not Required):

• Cloud-native attack simulation: Experience with adversary emulation in AWS Azure or GCP using tools like Pacu CloudGoat or custom scripts.
• Detection evasion and stealth techniques: Familiarity with bypassing EDR WAFs and other security controls during Red Team operations.
• Purple teaming collaboration: Ability to work closely with Blue Teams to improve detection and response through collaborative exercises.
• CI/CD pipeline exploitation: Understanding of how to identify and exploit weaknesses in DevOps workflows and build systems.
• Knowledge of identity and access abuse: Skills in abusing SSO OAuth SAML and misconfigured IAM roles or policies.
• Experience with threat intelligence: Ability to incorporate real-world TTPs from APT groups or threat actors into Red Team scenarios.

Special Factors

Sponsorship

About Vanguard

At Vanguard we dont just have a missionwere on a mission.

To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne our mission drives us forward and inspires us to be our best.

How We Work

Vanguard has implemented a hybrid working model for the majority of our crew members designed to capture the benefits of enhanced flexibility while enabling in-person learning collaboration and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.