Offensive Cyber Security Engineer Location Porto, Portugal (Hybrid) Responsibilities Lead structured threat modelling activities (STRIDE, attack trees, MITRE ATT&CK) for new features and architectural changes. Design and execute advanced red team engagements and breach & attack simulation (BAS) campaigns. Conduct persistent and stealthy operations simulating advanced threat actors. Perform assume-breach scenarios across endpoints, cloud, identities, and external attack surfaces. Execute physical, social engineering, and hybrid attack scenarios when required. Run automated and manual adversary emulation campaigns using industry tools (e.g., Cobalt Strike, Sliver, Caldera, Atomic Red Team). Develop custom tooling, payloads, and infrastructure to bypass modern security controls (EDR/XDR, SIEM). Perform post-exploitation activities and lateral movement across Azure, Kubernetes, Active Directory, and SaaS environments. Provide actionable remediation guidance and collaborate with blue teams and engineering. Contribute to detection engineering through threat intelligence, playbooks, and detection logic. Track and report on attack surface and critical risk exposure. Mentor junior team members and promote offensive security awareness. Requirements Bachelor's degree in Computer Science, Information Security, or related field (Master's degree is a plus). 5+ years of hands-on experience in offensive security (red teaming, penetration testing, or similar). Proven experience executing full-scope red team operations, especially in Azure environments. Deep expertise in threat modelling methodologies and practical application. Strong knowledge of MITRE ATT&CK, Cyber Kill Chain, and adversary TTPs. Advanced scripting/development skills (Python, Go, PowerShell, Bash). Experience with C2 frameworks (Cobalt Strike, Sliver, Covenant, etc.). Strong understanding of cloud (Azure), Kubernetes, IAM, CI/CD, and modern architectures. Experience with post-exploitation, lateral movement, and evasion techniques. OSCP, OSCE, OSEP, CARTPCRTO, PNPT, GREM or equivalent. Blue team or detection engineering experience. Experience with BAS platforms (e.g., SafeBreach, XM Cyber, AttackIQ). Contributions to security research, bug bounty, or open-source projects. Experience in social engineering, physical security, and OSINT. Strong communication and stakeholder engagement skills. Ability to collaborate across technical and non-technical teams. Analytical mindset with strong problem-solving capabilities. Fluent in English; French is a plus. #J-*****-Ljbffr