Offensive Security Engineer/Lead

As the Offensive Security Engineer/Lead, you will spearhead our adversarial simulation, penetration testing, and vulnerability research programs to proactively identify and neutralize security weaknesses. Reporting directly to the Head of Security, you will design and execute sophisticated Red Team campaigns, simulate real-world cyber adversary behaviors, and validate our detection capabilities. You will be responsible for operationalizing threat intelligence by mapping all simulation activities directly to the MITRE ATT&CK framework and the Lockheed Martin Cyber Kill Chain. 

Key Responsibilities

• Offensive Security Program Leadership: Define the strategy, scope, and execution roadmap for enterprise-wide penetration testing, red teaming, and adversary simulation exercises.
• Adversary Simulation & MITRE Mapping: Design and execute complex, multi-stage red team operations that emulate real-world Threat Actors and Advanced Persistent Threats (APTs), meticulously mapping techniques to the MITRE ATT&CK Framework.
• Cyber Kill Chain Validation: Evaluate the efficacy of our security posture across every phase of the Lockheed Martin Cyber Kill Chain (Reconnaissance to Actions on Objectives), identifying gaps in boundary defenses and internal monitoring.
• Purple Teaming Collaboration: Partner closely with the Blue Team (SOC and Incident Response) to conduct Purple Team exercises, using simulation data to refine detection engineering, SIEM alerts, and response playbooks.
• Vulnerability Exploitation & Reporting: Safely exploit vulnerabilities across network infrastructure, cloud environments, and applications. Translate complex technical proof-of-concepts into actionable, risk-prioritized remediation reports for engineering teams.
• Tooling Innovation: Oversee the development, deployment, and safe operation of proprietary offensive security tools, scripts, and command-and-control (C2) frameworks.

Requirements

• Experience: 8+ years of dedicated technical experience in offensive security, ethical hacking, or penetration testing, with at least 2+ years leading a red team or offensive security function.
• Framework Expert: Mastery of the MITRE ATT&CK matrix (Enterprise, Cloud, and Mobile) and deep conceptual understanding of the Lockheed Martin Cyber Kill Chain methodology.
• Technical Environment: Proficient with commercial and open-source offensive tools (e.g., Cobalt Strike, Burp Suite, Metasploit) and deep familiarity with cloud-native security landscapes (AWS, GCP, or Azure).
• Scripting & Exploitation: Strong scripting/programming skills (e.g., Python, Go, PowerShell, Bash) to automate attacks, bypass security controls, and develop custom exploits.
• Certifications: Possession of advanced offensive security certifications such as OSCE, OSEP, OSWE, GXPN, or CRTO (Certified Red Team Operator) is highly preferred.
• Communication: Exceptional communication skills with a proven track record of explaining complex attack vectors and business impacts to both deeply technical engineers and non-technical business executives.

Benefits

Join us as we make magic happen to increase Indonesia’s financial inclusion!