AXS
Principal Penetration Testing Engineer – AXS
AXS connects fans with the artists and teams they love, selling millions of tickets each year for concerts, festivals, sports, and theatre. Founded in 2011, AXS has driven industry innovation and is now a leader in live‑entertainment technology.
Role Overview As a Principal Penetration Testing Engineer, you will lead advanced adversary emulation campaigns, hunt threats in production environments, and bridge offense and defense through purple‑team operations. Your expertise will shape AXS’s security strategy, guide executive‑level decisions, and help protect our high‑volume, consumer‑facing and enterprise systems.
What You’ll Do
Design complex red‑team operations spanning weeks or months, covertly testing detection and response capabilities.
Build and maintain sophisticated C2 infrastructure, including multi‑layer redirects, domain fronting, and encrypted covert channels.
Create adversary emulation playbooks for tabletop exercises and detection validation.
Develop custom tooling, exploits, and evasion techniques to bypass modern security controls (EDR, SIEM, DLP, next‑gen firewalls).
Refine detection‑engineering rules based on offensive TTPs to enhance blue‑team visibility.
Facilitate purple‑team exercises, coordinating red and blue teams for continuous improvement.
Lead adversary‑emulation campaigns mapped to MITRE ATT&CK and realistic APT simulations.
Conduct proactive threat hunts using hypothesis‑driven investigation and behavioral analytics.
Perform zero‑day research, fuzz testing, and novel attack‑surface exploration.
Test detection capabilities, identify blind spots, and tune controls for higher fidelity.
Provide expert advice on eviction operations and simultaneous remediation during active incidents.
Engage live adversaries to gather intelligence and develop containment strategies.
Serve as a cybersecurity SME during incidents, applying offensive expertise to threat hunting and attack‑path reconstruction.
Qualifications
B.S. in Computer Science or 10 years of full‑time computer‑science experience in lieu of a degree.
15+ years in information security with at least 5 years in offensive security (red team, pen testing, exploit development).
5+ years in incident response, threat hunting, or defensive operations.
Proven track record leading large‑scale red‑team engagements against enterprise or Fortune 500 environments.
Experience as a technical SME or incident manager during complex security incidents.
Expertise in adversary‑emulation campaigns.
Nice to have: Security research contributions (published CVEs, conference talks), Git and CI/CD security experience, event‑driven tech (Kafka), NOSQL technologies (Elasticsearch, DynamoDB), or ticketing‑industry background.
Pay Scale $180,000 – $225,000 (base) with eligible bonus under current plan.
Benefits Full‑time employees receive medical, dental, vision, paid holidays, vacation, sick time, life insurance, parental leave, 401(k) match 3%, flexible spending/health savings, and wellness programs. Benefits are available on day one.
What’s in it for You?
Extraordinary People
– work with talented, highly motivated peers.
Meaningful Mission
– help revolutionize the entertainment industry.
Development & Learning
– training, education reimbursement, and career growth.
Community & Belonging – access to Employee Resource Groups, volunteer opportunities, and inclusion initiatives.
Equal Opportunity Employer AEG reserves the right to change or modify employee job descriptions at any time. We are an equal‑opportunity employer; we do not discriminate on the basis of race, color, marital status, disability, religion, age, sex, sexual orientation, national origin, genetic information, veteran status, or any other legally protected status.
#J-18808-Ljbffr
Role Overview As a Principal Penetration Testing Engineer, you will lead advanced adversary emulation campaigns, hunt threats in production environments, and bridge offense and defense through purple‑team operations. Your expertise will shape AXS’s security strategy, guide executive‑level decisions, and help protect our high‑volume, consumer‑facing and enterprise systems.
What You’ll Do
Design complex red‑team operations spanning weeks or months, covertly testing detection and response capabilities.
Build and maintain sophisticated C2 infrastructure, including multi‑layer redirects, domain fronting, and encrypted covert channels.
Create adversary emulation playbooks for tabletop exercises and detection validation.
Develop custom tooling, exploits, and evasion techniques to bypass modern security controls (EDR, SIEM, DLP, next‑gen firewalls).
Refine detection‑engineering rules based on offensive TTPs to enhance blue‑team visibility.
Facilitate purple‑team exercises, coordinating red and blue teams for continuous improvement.
Lead adversary‑emulation campaigns mapped to MITRE ATT&CK and realistic APT simulations.
Conduct proactive threat hunts using hypothesis‑driven investigation and behavioral analytics.
Perform zero‑day research, fuzz testing, and novel attack‑surface exploration.
Test detection capabilities, identify blind spots, and tune controls for higher fidelity.
Provide expert advice on eviction operations and simultaneous remediation during active incidents.
Engage live adversaries to gather intelligence and develop containment strategies.
Serve as a cybersecurity SME during incidents, applying offensive expertise to threat hunting and attack‑path reconstruction.
Qualifications
B.S. in Computer Science or 10 years of full‑time computer‑science experience in lieu of a degree.
15+ years in information security with at least 5 years in offensive security (red team, pen testing, exploit development).
5+ years in incident response, threat hunting, or defensive operations.
Proven track record leading large‑scale red‑team engagements against enterprise or Fortune 500 environments.
Experience as a technical SME or incident manager during complex security incidents.
Expertise in adversary‑emulation campaigns.
Nice to have: Security research contributions (published CVEs, conference talks), Git and CI/CD security experience, event‑driven tech (Kafka), NOSQL technologies (Elasticsearch, DynamoDB), or ticketing‑industry background.
Pay Scale $180,000 – $225,000 (base) with eligible bonus under current plan.
Benefits Full‑time employees receive medical, dental, vision, paid holidays, vacation, sick time, life insurance, parental leave, 401(k) match 3%, flexible spending/health savings, and wellness programs. Benefits are available on day one.
What’s in it for You?
Extraordinary People
– work with talented, highly motivated peers.
Meaningful Mission
– help revolutionize the entertainment industry.
Development & Learning
– training, education reimbursement, and career growth.
Community & Belonging – access to Employee Resource Groups, volunteer opportunities, and inclusion initiatives.
Equal Opportunity Employer AEG reserves the right to change or modify employee job descriptions at any time. We are an equal‑opportunity employer; we do not discriminate on the basis of race, color, marital status, disability, religion, age, sex, sexual orientation, national origin, genetic information, veteran status, or any other legally protected status.
#J-18808-Ljbffr