Senior Cloud Security Engineer

About the Role We are seeking a Senior Security Engineer to simulate real-world adversaries and identify high-impact vulnerabilities across enterprise and cloud environments. This role focuses on executing realistic adversary simulations, penetration testing, and attack path analysis, partnering closely with defensive teams to improve detection and response capabilities. The ideal candidate is a hands-on offensive security professional with deep expertise in exploitation, post-exploitation, and adversary tactics. What You’ll Do Plan and execute advanced red team engagements across enterprise environments. Emulate real-world threat actors using MITRE ATT&CK-aligned techniques. Chain vulnerabilities into realistic attack paths with business impact. Simulate multi-stage attacks to evaluate organizational resilience. Conduct penetration testing across: Web applications and APIs, cloud environments (IAM abuse, misconfigurations), identity systems (Active Directory / Entra ID) and internal networks and endpoints Identify and exploit vulnerabilities to demonstrate real-world risk. Perform lateral movement, persistence, and privilege escalation activities. Test and bypass security controls and detection mechanisms. Operate and customize command-and-control (C2) frameworks: Cobalt Strike, Sliver, Mythic, or equivalent Develop scripts, payloads, and tooling to support operations. Validate cloud security posture controls through adversarial techniques. Exploit identity misconfigurations, exposed credentials, and privilege escalation paths. Assess real-world impact of cloud exposure risks. Partner with SOC and blue teams to conduct purple team exercises. Help improve detection rules, alert quality, and response capabilities. Provide insight into attacker techniques to enhance defensive strategies. Deliver clear, actionable reports with: Risk-prioritized findings, attack path analysis, and practical remediation guidance Translate technical findings into business-relevant risk insights. What You’ll Bring 6-8+ years in offensive security, penetration testing, or red teaming. Proven experience executing full-scope red team engagements. Strong expertise in: Exploitation (web, network, identity systems), post-exploitation and lateral movement and privilege escalation techniques Experience with C2 frameworks and evasion techniques. Deep understanding of MITRE ATT&CK framework. Strong scripting or programming skills (Python, PowerShell, C#, etc.). What Will Set You Apart Experience with cloud penetration testing (AWS, Azure, GCP). Background in exploit development or custom tooling. Certifications such as OSCP, OSEP, CRTO, OSCE.