Offensive Security Engineer

Offensive Security Engineer

Shift4 is expanding globally and hiring a key Offensive Security Engineer for their Information Security team. This individual will be responsible for supporting Shift4’s cybersecurity defense through proactive penetration testing, vulnerability assessments, and security risk evaluations. This is a Junior level position where an individual is proactive in building their skills in ethical hacking and exploit discovery, helping identify and address security flaws in network infrastructure, applications, and systems. The Offensive Security Engineer will work closely with senior engineers to gain hands-on experience with attack simulation and assist in improving overall security posture.

This role is onsite based at any of the following Shift4 locations: Las Vegas, NV / Tampa, FL / Atlanta, GA / Center Valley, PA / Morrisville, NC

Responsibilities:

• Assist in developing and executing offensive security strategies to uncover potential exploits.
• Identify security risks and weaknesses, delivering detailed reports with mitigation recommendations.
• Conduct vulnerability assessments and penetration testing of web applications, networks, and systems.
• Collaborate with security teams to help triage and remediate identified vulnerabilities.
• Use automated tools and manual techniques to identify and exploit vulnerabilities.
• Simulate cyberattacks to assess the organization’s security controls.
• Conduct social engineering campaigns to identify areas and individuals in need of training
• Stay up-to-date with emerging cybersecurity threats, tools, and methodologies.
• Participate in red teaming exercises to emulate real-world attack scenarios.
• Document findings and assist in the creation of reports for both technical and non-technical audiences.
• Work with cross-functional teams to ensure vulnerabilities are resolved in a timely manner.
• Follow industry best practices and regulatory compliance standards in security testing.
  

Qualifications:

• Bachelor’s degree in Computer Science, Cybersecurity, Information Security, or a related field, or equivalent practical experience. 
• Minimum of 1 year of experience in hands-on professional work experience with penetration testing, to include required tools (e.g., Burp Suite, Metasploit, Nmap) and the use of basic security concepts, including network security, application security, and common attack vectors.
• Knowledge of programming or scripting languages (e.g., Python, Bash).
• Strong problem-solving skills with attention to detail.
• Good communication skills, both written and verbal.
• Ability to work collaboratively in a team environment.

Additional skills that are a plus to have: 

• Knowledge of common vulnerability databases and security frameworks (e.g., OWASP Top 10, MITRE ATT&CK).
• Familiarity with security monitoring and alerting tools (e.g., SIEM systems).
• Industry certifications (e.g., CompTIA Security+, CEH, OSCP, CompTIA PenTest+, eJPT, GIAC Security Essentials (GSEC), etc.).
• Basic knowledge of cloud security principles and platforms (AWS, Azure, GCP)