Offensive Security Engineer Associate / Intern
Albuquerque, NM
Securin Inc.
Securin is a leading provider of tech-enabled Cybersecurity Services helping hundreds of customers worldwide gain resilience against emerging threats. Powered by accurate vulnerability intelligence, human expertise, and automation, our products...Offensive Security Engineer Associate / Intern
Securin is expanding its team of offensive security engineers focused on hunting and mitigating extreme risks in digital ecosystems, AI systems and future AI models.
We are looking for Offensive Security Engineers who can execute offensive assessments and attack validation across our customers' environments. Our objective is to preempt the adversary in attacking our customers and make the entities more secure.
This individual should have knowledge across the attack lifecycle, MITRE ATT&CK framework, TTPs used by known Advanced Persistent Threats (APTs) groups, and a demonstrated capacity to understand, design and execute offensive security assessments against various technologies and stacks.
Candidates are expected to support delivering technology-oriented assessments that positively benefit the overall security posture of the organization. This role requires a desire to help drive fixes after testing cycles, both as short-term mitigations and long-term improvements.
Job Description
Do you want to find and exploit security vulnerabilities in fortune 100 companies, critical infrastructure companies, and public sector agencies impacting millions of users?
Join Securin’s Offensive Security Team where you'll emulate real-world attacks against our customers' systems. We are an interdisciplinary group of red teamers, adversarial Machine Learning (ML) researchers and software developers with the mission of proactively finding weaknesses and vulnerabilities in some of the most critical digital ecosystems in the world.
Responsibilities
● Offensive Security Assessments: Perform security assessments ranging from Red Team operations, threat-based evaluations, and vulnerability research and exploitation against both the unique systems and technologies used by our customers, as well as approved 3rd party software, open-source software, and vendors
● Security Guidance: Provide threat-based guidance and education to our customers and internal teams through offensive security, with audiences including software engineers, business and technical leaders
● Collaborate with teams to influence measurement and mitigations of discovered vulnerabilities
● Research new and emerging threats to inform the organization including prompt injection, improve red teaming efficacy and accuracy, and stay relevant
● Discover and exploit vulnerabilities end-to-end in order to assess the security of AI systems
● Execute Red Team operations on production AI systems using real world adversarial tactics and techniques to identify failures
● Adversary TTPs: Research, develop, and execute adversary TTPs across the range of the attack lifecycle
● Develop tools and techniques to scale and accelerate offensive emulation and vulnerability discovery specific for AI systems in identifying security vulnerabilities, software development lifecycle, large-scale computing, modeling, cyber security, and anomaly detection
Required Qualifications
● Currently has, or is in the process of obtaining a Bachelor's or Master's degree in Computer Science, Computer Engineering, relevant technical field, or equivalent practical experience. Degree must be completed prior to joining Securin.
● Proven understanding of the attack lifecycle, and offensive security concepts in at least one of the following: Red Team operations, Purple Team engagements, Vulnerability Research, and/or Exploitation.
● Experience in identifying security vulnerabilities, software development lifecycle, large-scale computing, modeling, cyber security, or adversarial machine learning
● Experience with exploiting common security vulnerabilities and bypassing security controls
● Demonstrated impact in Application Security, Penetration Testing, or other related field.
● Experience using penetration testing tools, including any of the following: Nessus, NMAP (Network Mapper), Metasploit, Burp Suite Pro, etc.
● Coding skills, in any of the following languages: C#, Python, C/C++, Go, PowerShell, ASP.NET, JavaScript
● Knowledge of server (Linux, Windows) and client (Windows, macOS, Linux) operating systems.
● Must obtain work authorization in country of employment at the time of hire, and maintain ongoing work authorization during employment
Preferred Qualifications
● OSCP (Offensive Security Certified Professional), OSCE (Offensive Security Certified Expert), or similar certifications
● Track record of participation in capture the flag (CTF) competitions.
● Contributions to the security community (public research, blogging, presentations, bug bounty, tooling, etc.)
● Experience with Advanced Persistent Threat (APT) emulation, purple teaming, and/or working with threat intelligence
● Experience performing reverse engineering
● Prior experience with Responsible AI
● Interest in learning about generative AI and foundational models • Prior participation in AI Village DEFCON (Defence Readiness Condition) CTFs (Capture the Flag), MLSec (Machine Learning and Security) competition or enjoyed playing with Gandalf!
● Publications in AISec, NeurIPS, FAccT Penetration Testing IC4
Other Requirements
Ability to meet Securin, customer and/or government security screening requirements are required for this role. These requirements include but are not limited to the following specialized security screenings:
● Securin Background Check-This position will be required to pass the Securin background check upon hire/transfer and every two years thereafter
Who Should Apply
● Have solid ML-focused Python engineering and research skills, particularly around using and training models.
● Have worked and executed technical research with a team.
● Comfortable with ad-hoc and dynamic experimental science.
○ A lot of this is uncharted territory. We optimize for fast feedback loops. You may need to build your own tooling.
● Can clearly articulate and discuss the findings and importance of your work.
● Are mission driven. You’re motivated to advance Cyber Security and AI security and safety as fast as possible while developing new exploits for software weaknesses and vulnerabilities.
Role-specific policy
This role will be based in Albuquerque, New Mexico and we require candidates who are able to be in our offices more than 50% of the time.
Hybrid policy & US visa sponsorship
Currently, we expect all staff to be in our office at least 50% of the time. We do sponsor candidates who are currently in the United States, and if we make you an offer, we will make every effort to assist you with the sponsorship of a US visa.
Compensation and Benefits
Securin’s compensation package is designed to pay competitively with market rates and includes eligibility to participate in medical, dental, and vision benefits as well as a 401k.
Tags: Application security APT ASP.NET Burp Suite C Computer Science CTF Exploit Exploits Generative AI JavaScript Linux Machine Learning MacOS Metasploit MITRE ATT&CK Nessus Nmap Offensive security OSCE OSCP Pentesting PowerShell Python Red team Reverse engineering SDLC Security assessment Threat intelligence TTPs Vulnerabilities Windows
Perks/benefits: Career development Health care
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Senior Cybersecurity Engineer jobs
- Open Cloud Security Architect jobs
- Open Security Operations Engineer jobs
- Open Principal Security Engineer jobs
- Open Information Security Specialist jobs
- Open Information Security Officer jobs
- Open Senior Cyber Security Engineer jobs
- Open Senior Product Security Engineer jobs
- Open Chief Information Security Officer jobs
- Open IT Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Senior Penetration Tester jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Security Specialist jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Senior Network Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Security Consultant jobs
- Open IT Security Analyst jobs
- Open Manager Pentest H/F jobs
- Open Senior Information Security Analyst jobs
- Open Security Operations Analyst jobs
- Open Information Security Architect jobs
- Open Information System Security Officer jobs
- Open Agile-related jobs
- Open Risk assessment-related jobs
- Open SOC-related jobs
- Open Analytics-related jobs
- Open Network security-related jobs
- Open CISA-related jobs
- Open ISO 27001-related jobs
- Open GCP-related jobs
- Open IAM-related jobs
- Open Application security-related jobs
- Open Pentesting-related jobs
- Open Threat intelligence-related jobs
- Open Vulnerability management-related jobs
- Open DevOps-related jobs
- Open DoD-related jobs
- Open Security Clearance-related jobs
- Open APIs-related jobs
- Open CEH-related jobs
- Open Security assessment-related jobs
- Open SaaS-related jobs
- Open Malware-related jobs
- Open Kubernetes-related jobs
- Open Java-related jobs
- Open EDR-related jobs
- Open TS/SCI-related jobs