Skeleton Key Group

The Offensive Security Operator is a specialized technical role focused on identifying, exploiting, and reporting security vulnerabilities before malicious actors can leverage them. Unlike traditional auditors, you will take an adversarial approach, simulating real-world attacks to test the resilience of our clients. You will not just find "bugs," but chain together vulnerabilities to demonstrate systemic risk, helping client's defensive teams sharpen their detection and response capabilities.

ABOUT THE JOB

Key Responsibilities & Performance Expectations1. Full-Spectrum Adversarial SimulationsExecution: Conduct end-to-end Red Team engagements, including reconnaissance, initial access, lateral movement, and data exfiltration.Custom Tooling: Develop bespoke scripts and payloads (Python, Go, PowerShell, or C++) to bypass EDR/AV solutions and maintain persistence.Social Engineering: Design and execute sophisticated phishing or physical security assessments when required.2. Vulnerability Research & ExploitationPerform deep-dive manual penetration testing on web applications, cloud environments (AWS/Azure/GCP), and network infrastructure.Stay ahead of the curve by researching Zero-Day vulnerabilities and emerging TTPs (Tactics, Techniques, and Procedures) used by known APT groups.3. Collaboration & "Purple Teaming"Empathy-Driven Reporting: Translate complex technical findings into actionable executive summaries and detailed remediation paths for developers.Defensive Uplift: Work alongside the SOC and Blue Team to verify if their telemetry caught your "malicious" activity, helping to tune detection rules.4. Technical DocumentationMaintain rigorous logs of attack timelines to assist in post-engagement forensic analysis.Contribute to the company’s internal knowledge base and proprietary exploit frameworks.Minimum QualificationsExperience: 5+ years in professional penetration testing or Red Teaming operations.Certifications: OSCP, OSEP, CRTO, or equivalent proven "hands-on" experience.OS Fluency: Expert-level knowledge of Linux/Unix and Windows internals (Active Directory attacks are a must).Mindset: A persistent, creative, and ethically grounded mentality.

RESPONSIBILITIES✨

• Conduct end-to-end Red Team engagements, including reconnaissance, initial access, lateral movement, and data exfiltration.
• Develop bespoke scripts and payloads (Python, Go, PowerShell, or C++) to bypass EDR/AV solutions and maintain persistence.
• Design and execute sophisticated phishing or physical security assessments when required.
• Perform deep-dive manual penetration testing on web applications, cloud environments (AWS/Azure/GCP), and network infrastructure.
• Translate complex technical findings into actionable executive summaries and detailed remediation paths for developers.
• Work alongside the SOC and Blue Team to verify if their telemetry caught your 'malicious' activity, helping to tune detection rules.
• Maintain rigorous logs of attack timelines to assist in post-engagement forensic analysis.
• Contribute to the company’s internal knowledge base and proprietary exploit frameworks.

QUALIFICATIONS✨

• 5+ years in professional penetration testing or Red Teaming operations.
• Certifications: OSCP, OSEP, CRTO, or equivalent proven 'hands-on' experience.
• Expert-level knowledge of Linux/Unix and Windows internals (Active Directory attacks are a must).
• A persistent, creative, and ethically grounded mentality.

OTHER

May require in-person work at client's site occasionally.