Senior Offensive Security Engineer/Red Team Operator

Location: United States Only – U.S. Citizens on U.S. Soil (East Coast preferred: Charlotte, Boston, NYC, DC metros)

Clearance: Public Trust, Secret, or TS/SCI preferred

Estimated Compensation: $145k-$180k

About Knox

Knox runs the largest Federal managed cloud, building and operating secure cloud and AI environments that support the U.S. government’s most critical missions — from national security and public safety to essential public services. Our customers rely on Knox to deploy production systems that meet the highest standards for security, reliability, and compliance.

Work at Knox is high-impact and purpose-driven. The problems we solve are high-stakes, the expectations are high, and the results are visible. Speed, rigor, and trust matter here - because the environments we secure cannot fail. Your contributions are visible, your expertise is relied upon, and the impact of your work is immediate and measurable. We operate at federal scale, securing some of the most sensitive government environments in the country - because the systems we build must perform without fail.

Overview

Knox is establishing an internal offensive security capability to proactively identify exploitable weaknesses in customer workloads and core platforms operating within regulated cloud environments (FedRAMP Moderate, FedRAMP High, and DoD IL-4). These operators will conduct adversary emulation campaigns that reveal weaknesses automated security tooling may miss.

This is a senior hands-on role, well suited for highly skilled operators who prefer active offensive work over administrative responsibilities. Candidates must demonstrate the ability to independently execute advanced attack campaigns in modern cloud-native environments.

Mission + Objectives

• Identify exploitable paths inside regulated customer workloads prior to onboarding.

• Execute adversary simulations that validate cloud workload and platform hardening.

• Provide reproducible exploitation steps to enable remediation.

• Strengthen detection and automation platforms by contributing attack patterns and insights.

• Support the compliance program by validating successful remediation.

Responsibilities

• Conduct offensive security operations against cloud workloads and platform services.

• Execute full kill-chain campaigns demonstrating realistic adversary behavior.

• Deploy or manage approved offensive tooling and C2 frameworks.

• Document reproduction steps and attack chains for downstream remediation teams.

• Participate in weekly reporting on offensive posture and program maturity.

• Maintain confidentiality and operate under strict rules of engagement.

• Use AI-assisted automation frameworks and modern exploitation techniques.

• Collaborate with internal engineering teams to improve platform resiliency.

Required Expertise

• 10+ years offensive security / red‑team experience.

• Demonstrated mastery of adversary tradecraft in cloud-native environments.

• Hands‑on offensive experience across at least one major hyperscaler (AWS/Azure/GCP); multi‑cloud preferred.

• Strong familiarity with Kubernetes attack surfaces.

• Proficiency with Python/JavaScript and scripting for automation.

• Familiarity with commercial or open-source C2 tooling and modern offensive methods.

• Experience working in regulated or compliance‑sensitive environments strongly preferred.

• Strong OPSEC discipline.

Preferred Attributes

• Passion for offensive security as a craft.

• Demonstrated ability to rapidly weaponize findings.

• Ability to work independently and operate with discretion.

• Familiarity with AI‑assisted exploit development or automation.

Travel Requirements

• Optional security conference participation (e.g., BlackHat/DEFCON).

• No routine customer travel expected.

Additional Note

This role requires deeply experienced operators capable of independently conducting complex offensive campaigns. Candidates should not be primarily policy, compliance, or leadership oriented—this function is hands‑on technical execution. The preferred candidate pool is located on the U.S. East Coast due to executive and engineering alignment but remote U.S.‑based citizens will be considered if exceptional.

If selected to move forward, you will be asked to provide:

• A short Loom video walking through a passion project, including what it does and a review of some of the code.

• Access to either a public or private repository so we can review your commits and overall code quality.

Ideally, the project should be built on (or close to) the stack outlined in the job descriptions.

Hiring Requirement: Due to the nature of our work with federal government clients and compliance with applicable regulations, this position requires U.S. citizenship. Dual citizenship is not permitted for this role. Candidates must be able to provide documentation verifying sole U.S. citizenship status as part of the background check process.

Any offer of employment is contingent upon the successful completion of all required pre-employment screenings, including a background check, in accordance with applicable laws and government contract requirements.

Benefits & Perks

Knox offers a competitive employee benefits package including Medical, Dental, Vision, Life & Disability, unlimited PEO, and an employee funded 401k plan. Please note, benefits are subject to change.

We are an Equal Opportunity Employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. Employment decisions are made without regard to race, color, religion, sex, sexual orientation, gender identity or expression, national origin, age, disability, veteran status, or any other legally protected status.