We are seeking a diligent and experienced Offensive Security Engineer to join our team. In this role, you will be working within a group of highly motivated Information Technology and Cybersecurity professionals committed to keeping Central Hudson safe.
Requirements
- Bachelorās degree in Cybersecurity, Information Technology, Computer Science or related field of study.
- Strong knowledge of network, application, and cloud security, including operating systems (Windows and Linux)
- Working knowledge of common offensive security tools, including but not limited to: Metasploit, Cobalt Strike (or equivalents), Burp Suite, Nmap, BloodHound, and CrackMapExec
- Knowledge of vulnerability remediation testing and validating the effectiveness of security controls
- Demonstrated experience collaborating closely with SOC or Blue Team functions to improve detection and incident response maturity
- Ability to develop scripts or tools using Python, PowerShell, Bash, or C#
- Solid understanding of security operations and detection technologies, including SIEM, EDR, IDS/IPS, and endpoint protection, to support adversaryāemulation and purpleāteam activities
- Familiarity with industry security frameworks and methodologies, such as: MITRE ATT&CK, NIST 800ā61 (Incident Response), SANS / CIS Critical Security Controls
- Strong analytical and problemāsolving skills with the ability to assess complex security issues
- Excellent written and verbal communication skills, including the ability to clearly document findings and communicate risk to both technical and nonātechnical audiences
- Ability to work independently with minimal supervision and respond professionally to constructive feedback
- Ability to work nights, weekends, holidays during a critical cyber incident or event
- Valid driverās license
- Preferred: 3+ years of hands-on experience performing offensive security activities such as penetration testing, detection validation, adversary emulation, red teaming, or exploitation of applications, networks, and cloud environments
- Familiarity with evaluating security controls and risk exposure through an attackerās lens, including validation of compensating controls and secure design assumptions
- Experience identifying security weaknesses through threat modeling, attack simulations, and exploitation, with the ability to translate findings into actionable remediation guidance
- Experience in Energy & Utilities or services industry
- Relevant certifications such CISSP, CEH, GPEN, GCIH, OSCP, OSWE, or similar offensive security focused credentials
Benefits
- Competitive compensation
- Medical, dental, and vision insurance
- 401(k) retirement savings plan with substantial company match
- Life and travel insurance
- Tuition assistance
- Wellness reimbursement program
- Paid holidays and vacation
