Senior Red Team Engineer / Hybrid / Scottsdale

About The RoleWe’re hiring a Senior Red Team Engineer to join a trusted payments technology company that powers and protects major financial products used by millions of consumers. This is a hybrid role based in Scottsdale, focused on offensive security, adversary emulation, purple team testing, cloud/web/network campaigns, and real-world attack simulation.Why This Role RocksThis is a high-impact offensive security role where you’ll be identifying emerging threats, building proof-of-concept attacks, testing enterprise defenses, and helping security teams understand real-world blast radius. You’ll work across red team campaigns, purple team exercises, exploit development, cloud security, detection evasion, and threat replication in a highly regulated financial technology environment.Required Skills & Experience6+ years of information security experience 2+ years of hands-on offensive security experience Red team campaign and adversary emulation experience Experience with network, cloud, and web application security testing Ability to develop exploits and execute attacks at scale Strong scripting experience with Python, PowerShell, and/or Go Knowledge of threat modeling, cloud security, cryptography, authentication, authorization, and defensive detection techniques Experience writing reports and presenting findings to technical and non-technical stakeholders Strong understanding of vulnerability impact, blast radius, and real-world exploitability Bachelor’s degree in a relevant field or equivalent professional experience Desired Skills & ExperienceExperience with adversary emulation toolsets Ability to take a single vulnerability and assess organization-wide impact MITRE ATT&CK, MITRE CAPEC, and Cyber Kill Chain experience Mobile application security testing experience Offensive security certifications such as OSCP, ePTX, GPEN, HTB CPTS, or similar Cloud security certifications such as AWS SAA, AWS SAP, AWS Security Specialty, or equivalent Tech BreakdownWhat You Will Be Doing:30% Red team campaigns and adversary emulation 20% Purple team exercises and control efficacy testing 15% Cloud, web, and network security testing 15% Exploit development, scripting, and automation 10% Vulnerability impact and blast-radius analysis 10% Reporting, remediation guidance, and security team collaboration Daily Responsibilities50% Hands-on offensive security testing, attack simulation, and vulnerability validation 25% Building scripts, tools, proof-of-concepts, and automation to support engagements 15% Partnering with internal security, incident response, and threat intelligence teams 10% Reporting findings, documenting risk, and presenting remediation recommendations Posted By: Isabella Sweet