Offensive Cyber Security Engineer

Description

Summary: As an Offensive Cyber Security Engineer, you will act as an ethical attacker, continuously identifying, validating, and helping remediate critical security risks. Highlights: 1. Lead structured threat modeling activities 2. Design and execute advanced red team engagements 3. Develop custom tooling to bypass modern security controls #### **Sobre o trabalho Offensive Cyber Security Engineer** **Job Description – Offensive Cyber Security Engineer** ======================================================= ### **Location** Porto, Portugal (Hybrid) As an Offensive Cyber Security Engineer, you will act as an ethical attacker, continuously identifying, validating, and helping remediate critical security risks across cloud\-native infrastructure, applications, APIs, and corporate environments. This is a highly technical, hands\-on role combining advanced threat modeling with real\-world breach and attack simulation. **Key Responsibilities** ------------------------ * Lead structured threat modeling activities (STRIDE, attack trees, MITRE ATT\&CK) for new features and architectural changes * Design and execute advanced red team engagements and breach \& attack simulation (BAS) campaigns * Conduct persistent and stealthy operations simulating advanced threat actors * Perform assume\-breach scenarios across endpoints, cloud, identities, and external attack surfaces * Execute physical, social engineering, and hybrid attack scenarios when required * Run automated and manual adversary emulation campaigns using industry tools (e.g., Cobalt Strike, Sliver, Caldera, Atomic Red Team) * Develop custom tooling, payloads, and infrastructure to bypass modern security controls (EDR/XDR, SIEM) * Perform post\-exploitation activities and lateral movement across Azure, Kubernetes, Active Directory, and SaaS environments * Provide actionable remediation guidance and collaborate with blue teams and engineering * Contribute to detection engineering through threat intelligence, playbooks, and detection logic * Track and report on attack surface and critical risk exposure * Mentor junior team members and promote offensive security awareness ### **Requirements** * Bachelor's degree in Computer Science, Information Security, or related field * Master's degree is a plus ### **Experience** * 5\+ years of hands\-on experience in offensive security (red teaming, penetration testing, or similar) * Proven experience executing full\-scope red team operations, especially in Azure environments ### **Technical Skills** * Deep expertise in threat modeling methodologies and practical application * Strong knowledge of MITRE ATT\&CK, Cyber Kill Chain, and adversary TTPs * Advanced scripting/development skills (Python, Go, PowerShell, Bash) * Experience with C2 frameworks (Cobalt Strike, Sliver, Covenant, etc.) * Strong understanding of cloud (Azure), Kubernetes, IAM, CI/CD, and modern architectures * Experience with post\-exploitation, lateral movement, and evasion techniques ### **Certifications (Strongly Preferred)** * OSCP, OSCE, OSEP, CARTP * CRTO, PNPT, GREM or equivalent ### **Nice to Have** * Blue team or detection engineering experience * Experience with BAS platforms (e.g., SafeBreach, XM Cyber, AttackIQ) * Contributions to security research, bug bounty, or open\-source projects * Experience in social engineering, physical security, and OSINT ### **Soft Skills** * Strong communication and stakeholder engagement skills * Ability to collaborate across technical and non\-technical teams * Analytical mindset with strong problem\-solving capabilities ### **Languages** * Fluent in English * French is a plus