Hybrid opportunity in Scottsdale, AZ with a major U.S. financial technology company that powers and protects critical payments infrastructure used by hundreds of millions of consumers and small businesses. Tech stack includes Python, PowerShell, Go, AWS/Azure cloud environments, the MITRE ATT&CK framework, and modern adversary emulation toolsets (Cobalt Strike, CALDERA, Atomic Red Team, and similar). This is a full-time, direct-hire Senior Red Team Engineer role on the Offensive Security team.

This is not a checkbox pen testing role. You’ll be doing real adversary emulation against one of the highest-value target environments in the country — payments infrastructure relied on by millions every day. Financially-motivated APTs aren’t a hypothetical here; they’re the actual threat model. You’ll run red team campaigns, partner with the blue team on purple team exercises, build your own tooling, and prove real-world blast radius on findings that matter. They’re looking for an operator who thinks like a threat actor, can pivot from a single vulnerability to org-wide impact, and wants to grow technically without being pushed into management. You’ll report directly to the Director of Offensive Security, work alongside a sharp and well-resourced team, and have real influence over how the organization defends itself. Strong work-life balance with flexible PTO, 12 weeks of paid parental leave, and a 100% safe harbor 401(k) match on the first 6% — plus a culture that genuinely supports learning, conference attendance, and certification growth.

Required Skills & Experience

• 6+ years of information security experience, with at least 2 years in offensive security roles
• Hands-on experience running red team campaigns and adversary emulation exercises
• Strong working knowledge of tools and techniques for network, cloud, and web-based campaigns, plus the ability to develop and execute new exploits at scale
• Solid grasp of threat modeling, cloud security, cryptography, authentication & authorization, and defensive detection techniques (including offensive evasion)
• Proficiency writing and maintaining scripts in PowerShell, Python, and Go
• Strong written and verbal communication; able to brief both technical and non-technical audiences
• Bachelor’s degree in a relevant field or equivalent practical experience

Desired Skills & Experience

• Hands-on experience with adversary emulation frameworks and C2 platforms (Cobalt Strike, Mythic, Sliver, CALDERA, Atomic Red Team, etc.)
• Deep understanding of MITRE ATT&CK, MITRE CAPEC, and the Cyber Kill Chain
• Mobile application testing and vulnerability research experience
• Practical offensive security certifications: OSCP, OSEP, ePTX, GPEN, HTB CPTS, or equivalent
• Cloud certifications: AWS SAA/SAP, AWS Security Specialty, or equivalent
• Experience moving from a single vulnerability to identifying organization-wide impact

What You Will Be Doing

Tech Breakdown

• 40% Cloud (AWS / Azure) offensive security
• 30% Network & internal infrastructure red teaming
• 20% Web and application-layer exploitation
• 10% Mobile application testing

Daily Responsibilities

• 70% Hands-on (campaigns, exercises, tooling development, exploit research)
• 20% Team collaboration (purple team work, scoping with internal security partners, IR/CTI support)
• 10% Reporting and stakeholder communication

The Offer

• Base salary: $132,000 – $165,000
• Discretionary incentive / bonus eligible

You will receive the following benefits:

• Medical, Dental, and Vision Insurance (PPO/HDHP options with HSA company contributions)
• Flexible PTO for exempt employees, plus 11 paid company holidays and a paid volunteer day
• 401(k) with 100% safe harbor match on first 6% (immediate eligibility)
• 12 weeks paid parental leave
• Family planning benefits including fertility, adoption, and surrogacy support
• Commuter and dependent care FSA options