MisuJob - AI Job Search Platform MisuJob
Login Sign Up

Offensive Security Engineer (Red Team)

Confidential

Not specified permanent

Posted: May 20, 2026

Interested in this position?

Create a free account to apply with AI-powered matching

Register to Apply

Required Skills

Red Team Cloud Platforms AWS GCP Azure Web Application Testing Active Directory IAM C2C Reporting Remediation Threat Modeling

Job Description

About PlexTrac

PlexTrac is a cybersecurity SaaS platform helping security teams streamline reporting, exposure management, and remediation workflows. Our platform is used by penetration testers, red teams, consultants, enterprises, and managed security providers to operationalize security findings and improve collaboration across technical and executive stakeholders.

We are a remote-first company headquartered in the United States with distributed team members across North America, Europe, and Asia. We are committed to ownership, transparency, practical problem-solving, and building products that customers genuinely rely on.

Why This Role Matters 

We build security software that helps companies protect their data. To make our product stronger, we are looking for Offensive Security Engineers (Red Team) who think like attackers. You will find weaknesses before the bad guys do, report what you find clearly, and work with our engineering team to fix it. This is a hands-on role with real influence on how we build and ship securely.

Location: Remote — India only.

Responsibilities

Plan and execute red team engagements across our cloud infrastructure (AWS/GCP/Azure), internal networks, web applications, and SaaS product

Simulate realistic attack chains — from initial access through lateral movement, credential harvesting, privilege escalation and data exfiltration — using current threat actor techniques

Conduct assumed breach scenarios, purple team exercises, and objective-based engagements, not just point-in-time pen tests

Assess cloud-specific attack surfaces: IAM roles and policies, storage misconfigurations, serverless functions, container workloads, and CI/CD pipelines

Test Active Directory and hybrid identity environments for common and advanced attack paths

Perform web and API application testing against our core product, including authentication flaws, authorization bypasses, and business logic vulnerabilities

Build, customize, and maintain offensive tools, scripts, and C2 infrastructure to support engagements

Develop and manage red team infrastructure — attack servers, redirectors, phishing platforms, and operational security controls

Create and maintain repeatable testing methodologies and internal playbooks the team can use and build on

Evaluate and improve detection coverage by working closely with our blue team — identify what's being caught, what isn't, and why

Write detailed reports that document attack paths, evidence, business impact, and remediation steps — clearly enough that an engineer can act on them without follow-up questions

Present findings to both technical teams and non-technical stakeholders, including leadership

Track remediation progress and validate that fixes actually close the identified gaps — not just check a box

Help define the scope, methodology, and maturity of our red team program as we scale

Contribute to internal security standards, threat models, and secure design reviews

Mentor junior team members and support knowledge sharing across the security org

Qualifications

4+ years of hands-on experience in offensive security, penetration testing, or a red team role

Demonstrated ability to attack and assess cloud environments — AWS, GCP, and Azure — including IAM abuse, privilege escalation, and misconfiguration exploitation

Hands-on experience with container and Kubernetes security (EKS, GKE, AKS)

Experience testing hosted and on-prem infrastructure: servers, VPNs, Active Directory, and internal networks

Working knowledge of web application attack techniques (OWASP Top 10 and beyond)

Familiarity with MITRE ATT&CK and how to map findings to real-world threat behavior

Experience writing clear, well-organized findings reports for both technical and non-technical readers

Ability to explain technical risk to people who are not security experts

Comfort working independently and managing your own workload

Nice to Have

Experience testing SaaS products or multi-tenant cloud architectures

Scripting or coding ability in Python, Bash, or PowerShell 

Familiarity with C2 frameworks such as Cobalt Strike, Brute Ratel, or Sliver

Experience with phishing simulations and social engineering engagements

Certifications such as OSCP, CRTO, CRTE, CPTS, or equivalent hands-on credentials

Tech Stack

Cloud and hosted environments, modern SaaS infrastructure, enterprise security controls, and offensive security tools for vulnerability testing and threat simulation.

Work Style

We operate as a remote-first, distributed team with a strong asynchronous culture. We value thoughtful communication, autonomy, and collaboration, with core working hours that partially overlap with U.S. Eastern Time.

Employees are administered through our EOR partner: Remote.

We’re committed to building an inclusive workplace where people from all backgrounds can thrive. We welcome applicants regardless of race, ethnicity, religion, gender identity, sexual orientation, age, disability, or background.

If you require accommodations during the interview process, please let us know: [email protected] 

#LI-Remote

Why Apply Through MisuJob?

AI-Powered Job Matching: MisuJob uses advanced artificial intelligence to analyze your skills, experience, and career goals. Our matching algorithm compares your profile against thousands of job requirements to find positions where you have the highest chance of success. This saves you hours of manual job searching and ensures you only see relevant opportunities.

One-Click Applications: Once you create your profile, applying to jobs is effortless. Your resume and cover letter are automatically tailored to highlight the most relevant experience for each position. You can apply to multiple jobs in minutes, not hours.

Career Intelligence: Beyond job matching, MisuJob provides valuable career insights. See how your skills compare to market demands, identify skill gaps to address, and understand salary benchmarks for your experience level. Make data-driven decisions about your career path.

Frequently Asked Questions

How do I apply for this position?

Click the "Register to Apply" button above to create a free MisuJob account. Once registered, you can apply with one click and track your application status in your dashboard.

Is MisuJob free for job seekers?

Yes, MisuJob is completely free for job seekers. Create your profile, get matched with jobs, and apply without any cost. We help you find your dream job without any hidden fees.

How does AI matching work?

Our AI analyzes your resume, skills, and experience to understand your professional profile. It then compares this against job requirements using natural language processing to calculate a match percentage. Higher matches mean better fit for the role.

Can I apply to jobs in other countries?

Absolutely. MisuJob features jobs from companies worldwide, including remote positions. Filter by location or look for remote opportunities to find jobs that match your preferences.

Ready to Apply?

Join thousands of job seekers using MisuJob's AI to find and apply to their dream jobs automatically.

Create Free Account Sign In
← Browse all jobs
Register to Apply