Senior Offensive Security Engineer
Role details
Job location
Tech stack
Job description
controls from an attacker perspective. The team perform regular Adversary Simulation (Red Team) testing and a range of Ad-Hoc and Tactical Assessments based on changes to the threat landscape and organisational needs. To succeed in this role, you have breadth and depth of knowledge in security. This knowledge will include operating systems, networking and protocols, firewalls, databases, and middleware applications. Additionally, you will have expertise in forensics, scripting and programming, vulnerabilities, and the usage of GenAI / social engineering techniques. This is a Hybrid, Nottingham or London based role (40% in office) reporting to the Head of Offensive Security. Responsibilities Collaborate with other teams within the Cyber Fusion Centre and the wider organisation. This ensures that we understand and articulate Cyber Risks in a threat-informed manner. The ultimate goal is to contribute to the successful defense of the organisation. Support Offensive Security's engagement at
Requirements
Offensive Security, Adversary Simulation, Red Team Testing, Physical Exploitation, Network Exploitation, Social Engineering, Cyber Threat Intelligence, Offensive Security Research, Scripting, Automation, AI, MITRE ATT&CK Framework, Exploit Development, Cloud Security, Windows Operating System, Active Directory, adversary simulation. Detailed knowledge of global cyber threats and the procedures used by cyber adversaries. Two or more of the following skills: Network penetration testing and manipulation of network infrastructure Web application penetration testing assessments Email, phone, or physical social-engineering assessments Development, extension, or modifying of exploits, shecode or exploit tools Covert physical intrusion Cloud security or penetration testing (any major provider) AI Red Teaming/Testing and usage of Agentic AI for automation. Industry certifications such as OSCP, OSCE, OSWE, GPEN, GCIH, GWAPT, or GXPN or equivalent experience. Specialist skills: Proficient in attacker tooling, including post-exploitation frameworks and tooling. Proficient in any of following programming languages (C, C++, C#, Python, PowerShell, Bash, or Ruby) Proficient in Social Engineering techniques across OSINT, phishing, vishing and impersonation. Knowledge of current cloud attack methodologies and mitigations. Experience of Windows Operating System architecture and internals and use thereof in an enterprise environment. Core Information Technology concepts such as TCP/IP networking, Windows & Active Directory, Unix/Linux, Mainframe, Cloud Service Providers, Relational Databases, Data Warehouses, and filesystems Knowledge of IT technologies and methods to secure them i.e. databases, SharePoint, storage area networks and cloud-based storage. Additional Information Benefits package includes: Great compensation package and discretionary bonus plan Core benefits include pension, bupa healthcare, sharesave scheme and more 25 days annual leave with 8 bank holidays and 3 volunteering days. You can purchase additional annual leave. Experian is proud to be an Equal Opportunity and Affirmative Action employer. Innovation is an important part of Experian's DNA and practices, and our diverse workforce drives our success. Everyone can succeed at Experian and bring their whole self to work, irrespective of their gender, ethnicity, religion, colour, sexuality, physical ability or age. If you have a disability or special need that requires accommodation, please let us know at the earliest opportunity. Experian Careers - Creating a better tomorrow together Find out what its like to work for Experian by clicking here Employee Status: Regular Role Type: Home Department: Information Technology & Systems Schedule: Full Time Responsibilities The role involves collaborating across the Cyber Fusion Centre to articulate Cyber Risks in a threat-informed manner, ultimately contributing to organizational defense. Responsibilities include performing physical exploitation, network exploitation, and social engineering assessments against authorized targets.
