Experian is the world’s leading global information services company, unlocking the power of data to create more opportunities for consumers, businesses and society. We are thrilled to share that FORTUNE has named Experian one of the 100 Best Companies to work for. In addition, for the last five years we’ve been name in the 100 “World’s Most Innovative Companies” by Forbes Magazine. 

　　What you’ll be doing 

　　Experian’s Offensive Security team is charged with improving the organization’s security posture through clarifying risk and verifying the efficacy of our technical, people, physical and process controls from an attacker perspective. In order to accomplish this, the team performs regular Adversary Simulation (Red Team) testing, leads and contributes to Purple Team Exercises and performs Ad-Hoc and Tactical Assessments based on changes to the threat landscape and organizational needs. 

　　As a Lead Engineer within the Offensive Security team, you will lead and participate in the design and execution of both campaign-based adversary simulation assessments and tactical assessments, whilst contributing to collaborative Purple Team exercises. Successful team members must be capable of evaluating environments, applications, systems and processes to discover weaknesses, and subsequently leverage those discoveries into actionable real-world attack strategies. In addition, all team members are expected to be able to provide an “attacker perspective” and be able to effectively communicate highly complex technical issues to a variety of audiences. 

　　To succeed in this role the candidate will possess breadth and depth of knowledge in security of operating systems, networking and protocols, firewalls, databases and middleware applications, forensics, scripting and programming. All Offensive Security team members are expected to continuously improve their tradecraft through research, to add breadth and depth to their knowledge. 

　　Responsibilities 

　　Collaborate closely with other teams within the Cyber Fusion Centre and the wider organization to ensure threat-informed Cyber Risks are understood and articulated appropriately, with a goal of contributing to the successful defense of the organization

　　Perform engagement at multiple organizational levels, from senior leaders to technical analysts to help drive risk understanding and verify the efficacy of remediation/mitigative actions

　　Actively participate in performing physical exploitation, network exploitation and social engineering assessments against authorized targets

　　Leverage CyberThreat Intelligence, Offensive Security Research, previous Adversary Simulation (Red Team) findings and internal risk intelligence to develop test cases demonstrating TTP effectiveness against Experian’s control environment

　　Continuously research and stay up to date with the latest cyber threats, attack vectors and attacker methodologies

　　Provide remediation recommendations across the organization to aid with mitigation of identified Cyber Risks

　　Actively engage in all phases of Offensive Security operations

　　Develop scripts, tools and methodologies to increase Offensive Security’s capabilities and educate other team members

　　Leverage MITRE ATT&CK Framework and other structured attack analysis tools to describe and classify attacker methodology and significance

　　What your background looks like 

　　Relevant, recent and verifiable experience in offensive security and adversary simulation

　　Detailed knowledge of global cyber threats, threat actors, and the tactics, techniques and procedures used by cyber adversaries, specifically those targeting the financial services and healthcare sectors

　　10+ years’ experience in Cyber Security in enterprise environments 

　　5+ years’ experience in two or more of the following areas: 

　　Network penetration testing and manipulation of network infrastructure 

　　Web application penetration testing assessments 

　　Email, phone, or physical social-engineering assessments 

　　Developing, extending, or modifying exploits, shell code or exploit tools 

　　Red/Purple teaming exercises 

　　Covert physical intrusion 

　　Cloud security or penetration testing (any major provider) 

　　Industry certifications such as OSCP, OSCE, OSWE, GPEN, GCIH, GWAPT, or GXPN or equivalent experience

　　Proficient in attacker tooling, including post-exploitation frameworks and tooling

　　Proficient in one or more of the following programming languages (C, C++, C#, Go) 

　　Proficient in one or more of the following scripting languages (Python, PowerShell, Bash, Ruby) 

　　Excellent communicator, both written and oral, particularly around Threat and Risk

　　Knowledge of current cloud attack methodologies and mitigations

　　Advanced knowledge of Windows Operating System architecture and internals and use thereof in an enterprise environment

　　Strong knowledge of core Information Technology concepts such as TCP/IP networking, Windows & Active Directory, Unix/Linux, Mainframe, Cloud Service Providers, Relational Databases, Data Warehouses, and filesystems 

　　Extensive knowledge of IT technologies and methods to secure them, specifically for databases, SharePoint, storage area networks, cloud-based storage, and data warehouses 

　　Perks

　　​​​​​​20 days of vacation accrued annually, five sick days, and two volunteer days (plus twelve paid holidays)

　　Competitive pay and comprehensive benefits package, with a bonus target of 20%

　　This role can be 100% remote long-term or you can work out of one of our offices

　　People-focused culture where personal and professional growth is prioritized

　　Recognition and celebration of performance and achievements

　　Power to bring your whole self to work – where your differences and values will be respected and celebrated

　　Employee Resource Groups set up and run by employees, for employees. These networks build, celebrate, and further understanding of the diverse identity and experiences within Experian, in support of our commitment to diversity and inclusion

　　International network of peers; mentorship programs

　　All your information will be kept confidential according to EEO guidelines.

　　Our compensation reflects the cost of labor across several U.S. geographic markets. The base pay range for this position is listed above.  Within this range, individual pay is determined by work location and additional factors such as job-related skills, experience and education.  This position is also eligible for a variable pay opportunity and a comprehensive benefits package which includes health, life and disability insurance, generous paid time off including paid parental and family care leave, an employee stock purchase plan and a 401(k) plan with a company match.

　　Experian is proud to be an Equal Opportunity and Affirmative Action employer. We’re passionate about unlocking the power of data to transform lives and create opportunities for consumers, businesses, and society. For more than 125 years, we’ve helped people and economies flourish – and we’re not done.

　　We take our people’s agenda very seriously. We focus on what truly matters; diversity and inclusion, work/life balance, flexible working, development, collaboration, wellness, reward & recognition, volunteering, making an impact... the list goes on. See our DEI work in action (https://www.experian.com/diversity/our-commitment/index) !

　　The power of YOU (https://www.experianplc.com/media/4459/english-experiandei-report_2022.pdf) . We are building a culture where everyone is comfortable bringing their whole self to work. A place where we not only respect our differences and values but celebrate them in a positive and supportive environment.

　　Find out what is like to work for Experian and discover the Unexpected (https://www.experian.com/careers/) !