Athena

Security Validation Engineer (Red Team)

Athena, Palo Alto

Overview

We are seeking a Security Validation Engineer to join our Red Team. This role is focused on identifying, validating, and exploiting vulnerabilities across systems, applications, and infrastructure to simulate real-world adversary behavior. As part of the security organization, you will help evaluate and strengthen our security posture by rigorously testing defenses, collaboratively reporting findings, and recommending mitigations.

Key Responsibilities

  • Plan, design, and execute red team engagements across infrastructure, applications, and cloud environments.
  • Conduct manual and automated penetration testing to identify exploitable vulnerabilities and misconfigurations.
  • Develop and execute adversary emulation scenarios to validate detection and response capabilities.
  • Perform end-to-end attack simulations, including tactics such as phishing, lateral movement, privilege escalation, and data exfiltration.
  • Build and maintain custom tools, scripts, or frameworks to support red team operations.
  • Validate the effectiveness of blue team defenses and provide actionable feedback for improving detection, prevention, and response measures.
  • Document findings with clear risk impact assessment and remediation guidance.
  • Collaborate closely with incident response, threat intelligence, and engineering teams to share attacker tradecraft and improve security controls.
  • Stay current with emerging threats, vulnerabilities, and offensive security techniques.

Required Qualifications

  • Strong knowledge of penetration testing methodologies (OWASP, MITRE ATT&CK, NIST, etc.).
  • Proficiency in exploitation frameworks, scripting, and tools (e.g., Cobalt Strike, Metasploit, Burp Suite, BloodHound, Python, PowerShell).
  • Hands‑on experience with attack vectors across networks, operating systems, applications, and cloud platforms.
  • Familiarity with Active Directory attacks, privilege escalation, persistence techniques, and evasion methods.
  • Understanding of enterprise defense mechanisms such as EDR, SIEM, logging, and network monitoring.
  • Solid problem‑solving and analytical skills with the ability to think like an attacker.
  • Excellent written and verbal communication skills for documenting findings and presenting results to both technical and non‑technical audiences.

Preferred Skills

  • Prior experience in a Red Team, Purple Team, or advanced penetration testing role.
  • Knowledge of adversary emulation frameworks and threat modeling.
  • Scripting capability (Python, PowerShell, Bash, or Go).
  • OSCP, OSCE, OSEP, CRTP, or similar offensive security certifications.
  • Knowledge of cloud security (AWS, Azure, GCP) attack surfaces.

Seniority level

Mid‑Senior level

Employment type

Full‑time

Job function

Security Engineering
