Fast Facts

Join Degreed as an Offensive Security Engineer where you'll lead red team engagements, penetration tests, and threat simulations to enhance our security posture against evolving threats.

Responsibilities: Lead and execute offensive security assessments, validate vulnerabilities, and collaborate with cross-functional teams to strengthen security measures and reduce risk.

Skills: 3–5 years in offensive security with hands-on experience in using tools like Cobalt Strike, Metasploit, and an understanding of cloud and application security.

Qualifications: Certifications such as OSCP, CRTO, GPEN are preferred, along with scripting experience in PowerShell or Python and knowledge of security frameworks like MITRE ATT&CK.

Location: Remote position based in the US.

Compensation: $150000 - $185000 / Annually

As an Offensive Security Engineer, you’ll play a key role in helping Degreed stay ahead of evolving threats. You’ll lead and execute red team engagements, penetration tests, and threat simulations to uncover and validate vulnerabilities across our cloud, application, and infrastructure environments.

You’ll collaborate closely with security operations, detection, and engineering teams to translate findings into real improvements, strengthening our defenses and making a measurable impact on how we protect our people, data, and platform.

Key Skills

• 3–5 years of experience in offensive security, penetration testing, or red teaming roles.
• Demonstrated ability to exploit systems ethically and communicate technical risk to engineering and business teams.
• Hands-on experience with offensive tools such as Cobalt Strike, Metasploit, Burp Suite, or custom-built tools.
• Solid understanding of attack chains across cloud (Azure/AWS), infrastructure, endpoints, and APIs.
• Familiarity with MITRE ATT&CK, OWASP Top 10, and post-exploitation techniques.

Nice to Have

• Certifications such as OSCP, CRTO, GPEN, or similar red team/pentest credentials.
• Experience with scripting and automation (e.g., PowerShell, Python).
• Exposure to threat detection engineering and EDR/XDR technologies (e.g., Defender, SentinelOne, Splunk).
• Participation in bug bounty programs, CTF competitions, or community red teaming engagements.
• Knowledge of secure software development practices and DevSecOps concepts.

Key Responsibilities

• Red Teaming & Offensive SecurityPlan and execute offensive assessments, including internal/external pen tests, phishing campaigns, and assumed breach exercises.
• Simulate real-world threats using frameworks like MITRE ATT&CK, performing lateral movement, privilege escalation, and safe data access operations.
• Build and maintain red team infrastructure, tools, and custom payloads to test and enhance detection and response capabilities.
• Vulnerability Validation & TestingValidate vulnerabilities to assess true risk and support prioritized remediation.
• Perform manual and automated testing of APIs, cloud environments, apps, and internal systems.
• Collaborate with detection engineers to fine-tune alerts and improve visibility into adversarial behaviors.
• Security Hardening & CollaborationIdentify control gaps and advise infrastructure and DevOps teams on remediation and hardening.
• Support purple team exercises and secure architecture reviews with offensive security insights.
• Share findings, attack paths, and recommendations through well-documented post-exercise reports.
• Performance ExpectationsDeliver red team findings that drive measurable risk reduction.
• Regularly conduct assessments with clear reporting and responsible disclosure.
• Partner cross-functionally to strengthen detection, response, and resilience.
• Maintain a proactive mindset and contribute to a culture of continuous security improvement.

Compensation

We are committed to fair and equitable compensation practices.

The total pay range for this role is $150,000 - $185,000.

Actual compensation packages are based on several factors that are unique to each candidate, including but not limited to: skill set, depth of experience, certifications, and specific work location.