Offensive Cyber Security Engineer

LUZA GroupPortugal1 day ago

Full-timeRemote FriendlyOther

Track This Job

Add this job to your tracking list to:

Monitor application status and updates
Change status (Applied, Interview, Offer, etc.)
Add personal notes and comments
Set reminders for follow-ups
Track your entire application journey

Save This Job

Add this job to your saved collection to:

Access easily from your saved jobs dashboard
Review job details later without searching again
Compare with other saved opportunities
Keep a collection of interesting positions
Receive notifications about saved jobs before they expire

AI-Powered Job Summary

Get a concise overview of key job requirements, responsibilities, and qualifications in seconds.

Pro Tip: Use this feature to quickly decide if a job matches your skills before reading the full description.

Job Description – Offensive Cyber Security Engineer

Location

Porto, Portugal (Hybrid)

As an Offensive Cyber Security Engineer, you will act as an ethical attacker, continuously identifying, validating, and helping remediate critical security risks across cloud-native infrastructure, applications, APIs, and corporate environments. This is a highly technical, hands-on role combining advanced threat modeling with real-world breach and attack simulation.

Key Responsibilities

Lead structured threat modeling activities (STRIDE, attack trees, MITRE ATT&CK) for new features and architectural changes
Design and execute advanced red team engagements and breach & attack simulation (BAS) campaigns
Conduct persistent and stealthy operations simulating advanced threat actors
Perform assume-breach scenarios across endpoints, cloud, identities, and external attack surfaces
Execute physical, social engineering, and hybrid attack scenarios when required
Run automated and manual adversary emulation campaigns using industry tools (e.g., Cobalt Strike, Sliver, Caldera, Atomic Red Team)
Develop custom tooling, payloads, and infrastructure to bypass modern security controls (EDR/XDR, SIEM)
Perform post-exploitation activities and lateral movement across Azure, Kubernetes, Active Directory, and SaaS environments
Provide actionable remediation guidance and collaborate with blue teams and engineering
Contribute to detection engineering through threat intelligence, playbooks, and detection logic
Track and report on attack surface and critical risk exposure
Mentor junior team members and promote offensive security awareness

Requirements

Bachelor’s degree in Computer Science, Information Security, or related field
Master’s degree is a plus

Experience

5+ years of hands-on experience in offensive security (red teaming, penetration testing, or similar)
Proven experience executing full-scope red team operations, especially in Azure environments

Technical Skills

Deep expertise in threat modeling methodologies and practical application
Strong knowledge of MITRE ATT&CK, Cyber Kill Chain, and adversary TTPs
Advanced scripting/development skills (Python, Go, PowerShell, Bash)
Experience with C2 frameworks (Cobalt Strike, Sliver, Covenant, etc.)
Strong understanding of cloud (Azure), Kubernetes, IAM, CI/CD, and modern architectures
Experience with post-exploitation, lateral movement, and evasion techniques

Certifications (Strongly Preferred)

OSCP, OSCE, OSEP, CARTP
CRTO, PNPT, GREM or equivalent

Nice to Have

Blue team or detection engineering experience
Experience with BAS platforms (e.g., SafeBreach, XM Cyber, AttackIQ)
Contributions to security research, bug bounty, or open-source projects
Experience in social engineering, physical security, and OSINT

Soft Skills

Strong communication and stakeholder engagement skills
Ability to collaborate across technical and non-technical teams
Analytical mindset with strong problem-solving capabilities

Languages

Fluent in English
French is a plus

Key Skills

Ranked by relevance

Ready to apply?

Join LUZA Group and take your career to the next level!

Application takes less than 5 minutes

Apply