Job Description – Offensive Cyber Security Engineer
Location
Porto, Portugal (Hybrid)
As an Offensive Cyber Security Engineer, you will act as an ethical attacker, continuously identifying, validating, and helping remediate critical security risks across cloud-native infrastructure, applications, APIs, and corporate environments. This is a highly technical, hands-on role combining advanced threat modeling with real-world breach and attack simulation.
Key Responsibilities
Lead structured threat modeling activities (STRIDE, attack trees, MITRE ATT&CK) for new features and architectural changes
Design and execute advanced red team engagements and breach & attack simulation (BAS) campaigns
Conduct persistent and stealthy operations simulating advanced threat actors
Perform assume-breach scenarios across endpoints, cloud, identities, and external attack surfaces
Execute physical, social engineering, and hybrid attack scenarios when required
Run automated and manual adversary emulation campaigns using industry tools (e.g., Cobalt Strike, Sliver, Caldera, Atomic Red Team)
Develop custom tooling, payloads, and infrastructure to bypass modern security controls (EDR/XDR, SIEM)
Perform post-exploitation activities and lateral movement across Azure, Kubernetes, Active Directory, and SaaS environments
Provide actionable remediation guidance and collaborate with blue teams and engineering
Contribute to detection engineering through threat intelligence, playbooks, and detection logic
Track and report on attack surface and critical risk exposure
Mentor junior team members and promote offensive security awareness
Requirements
Bachelor's degree in Computer Science, Information Security, or related field
Master's degree is a plus
Experience
5+ years of hands-on experience in offensive security (red teaming, penetration testing, or similar)
Proven experience executing full-scope red team operations, especially in Azure environments
Technical Skills
Deep expertise in threat modeling methodologies and practical application
Strong knowledge of MITRE ATT&CK, Cyber Kill Chain, and adversary TTPs
Advanced scripting/development skills (Python, Go, PowerShell, Bash)
Experience with C2 frameworks (Cobalt Strike, Sliver, Covenant, etc.)
Strong understanding of cloud (Azure), Kubernetes, IAM, CI/CD, and modern architectures
Experience with post-exploitation, lateral movement, and evasion techniques
Certifications (Strongly Preferred)
OSCP, OSCE, OSEP, CARTP
CRTO, PNPT, GREM or equivalent
Nice to Have
Blue team or detection engineering experience
Experience with BAS platforms (e.g., SafeBreach, XM Cyber, AttackIQ)
Contributions to security research, bug bounty, or open-source projects
Experience in social engineering, physical security, and OSINT
Soft Skills
Strong communication and stakeholder engagement skills
Ability to collaborate across technical and non-technical teams
Analytical mindset with strong problem-solving capabilities
Languages
Fluent in English
French is a plus