Offensive Security / Penetration Tester

To Apply for this Job Click Here

Offensive Sec/Penetration Tester
Location: Remote
3-month contract

About
The Security Research & Innovation (SRI) team within Global Security is a high-impact, automation-first security organization responsible for vulnerability management, security research, and offensive operations. This team has an exceptional automation culture — all team members build production automation that eliminates manual work at scale.  

The Penetration team conducts various styles of external or assume breach exercises, purple team engagements, and offensive security research to identify systemic risks before attackers do. Successful engagements deliver results that lead to executive-level engagement to drive immediate remediation across the enterprise. 

Role Summary 
We are seeking a Senior Offensive Security Operator to lead and execute penetration team engagements across our client’s multi-cloud enterprise environment or other engagements as needed. This role combines deep technical expertise in offensive security with a strong emphasis on AI-powered automation, autonomous testing frameworks, and scalable attack simulation. You will design and execute complex attack scenarios, develop AI-enhanced offensive tooling, and deliver findings that drive measurable risk reduction across the organization. 

Key Responsibilities 
Offensive Operations (50%) 

• Conduct M&A security assessments for newly acquired companies and integrations 

• Plan and execute full-scope penetration team engagements (network, application, cloud, social engineering) against our client’s production and corporate environments 

• Conduct assume-breach exercises targeting multi-tenant infrastructure to validate cross-tenant isolation and breakout resistance 

• Perform adversary emulation aligned with MITRE ATT&CK framework, simulating nation-state and criminal threat actor TTPs relevant to the HCM/payroll industry 

• Execute purple team exercises with the SOC to validate detection coverage and response capabilities 

• Deliver executive-level readouts and technical reports that translate offensive findings into business risk language 

AI-Powered Offensive Automation (30%) 

• Design, build, and maintain autonomous security testing frameworks that leverage AI/ML for vulnerability discovery, exploit chain generation, and attack path analysis 

• Develop AI-assisted reconnaissance and target enumeration tools using LLMs (Claude) and custom agents for scalable attack surface analysis 

• Build and operate continuous automated penetration teaming pipelines that test defenses without manual intervention 

• Create AI-powered C2 frameworks, payload generators, and evasion tools that adapt to defensive controls in real-time 

• Integrate offensive tooling with Claude, MCP servers, and enterprise AI infrastructure for AI-assisted security operations 

• Develop automation that generates findings, routes tickets, and tracks remediation — reducing the gap between discovery and fix 

Strategic Leadership (10%) 

• Drive the penetration team’s technical strategy and roadmap, identifying high-value targets and emerging attack surfaces (Product, Custom AI, and cloud-native services) 

• Represent the penetration team in cross-functional security initiatives, architecture reviews, and incident response when offensive expertise is needed 

• Maintain awareness of emerging threats, zero-day vulnerabilities, and adversary tradecraft relevant to clients’ technology stack 

Research & Knowledge Sharing (10%) 

• Publish internal research on novel attack techniques, AI-assisted exploitation, and cloud security assessment methodology 

• Contribute to the team’s Claude Code skills store and shared automation repositories 

• Develop and maintain penetration team infrastructure (honeypots, C2, phishing platforms) using infrastructure-as-code 

• Stay current on offensive security conferences, findings, etc – and incorporate new techniques into operations 

Required Qualifications 

• 4+ years of experience in offensive security, penetration teaming, or penetration testing in enterprise environments 

• Deep expertise in at least 3: network exploitation, web application security, Active Directory attacks, cloud infrastructure attacks, social engineering, physical security 

• Strong proficiency in AI, Python, Go, or C/C++ for offensive tool development and automation 

• Demonstrated experience building automated security testing tools, frameworks, or pipelines 

• Experience with Kubernetes, container security, and cloud-native attack techniques 

• Experience with C2 frameworks and adversary simulation platforms 

• Knowledge of MITRE ATT&CK framework and adversary emulation methodology 

• Experience with AI/ML security — attacking AI systems, prompt injection, model poisoning, or building AI-powered offensive tools 

• Experience developing autonomous security testing agents using LLMs 

• Excellent written and verbal communication skills — ability to translate technical findings into business risk for executive audiences 

• Bachelor’s degree in Computer Science, Cybersecurity, or equivalent experience 

Preferred Qualifications 

• Published CVEs, security research papers, or conference presentations (DEF CON, Black Hat, etc.) 

• Experience in SaaS/multi-tenant environments processing sensitive data (HCM, payroll, healthcare, financial) 

• OSCP, OSCE, OSEP, CRTO, GXPN, or equivalent offensive security certifications 

• Familiarity with .NET, Java/Kotlin, and legacy application security assessment 

• Experience building infrastructure-as-code (Terraform, Pulumi) for penetration team operations

Offensive Sec/Penetration Tester
Location: Remote
3-month contract

About
The Security Research & Innovation (SRI) team within Global Security is a high-impact, automation-first security organization responsible for vulnerability management, security research, and offensive operations. This team has an exceptional automation culture — all team members build production automation that eliminates manual work at scale.  

The Penetration team conducts various styles of external or assume breach exercises, purple team engagements, and offensive security research to identify systemic risks before attackers do. Successful engagements deliver results that lead to executive-level engagement to drive immediate remediation across the enterprise. 

Role Summary 
We are seeking a Senior Offensive Security Operator to lead and execute penetration team engagements across our client’s multi-cloud enterprise environment or other engagements as needed. This role combines deep technical expertise in offensive security with a strong emphasis on AI-powered automation, autonomous testing frameworks, and scalable attack simulation. You will design and execute complex attack scenarios, develop AI-enhanced offensive tooling, and deliver findings that drive measurable risk reduction across the organization. 

Key Responsibilities 
Offensive Operations (50%) 

• Conduct M&A security assessments for newly acquired companies and integrations 

• Plan and execute full-scope penetration team engagements (network, application, cloud, social engineering) against our client’s production and corporate environments 

• Conduct assume-breach exercises targeting multi-tenant infrastructure to validate cross-tenant isolation and breakout resistance 

• Perform adversary emulation aligned with MITRE ATT&CK framework, simulating nation-state and criminal threat actor TTPs relevant to the HCM/payroll industry 

• Execute purple team exercises with the SOC to validate detection coverage and response capabilities 

• Deliver executive-level readouts and technical reports that translate offensive findings into business risk language 

AI-Powered Offensive Automation (30%) 

• Design, build, and maintain autonomous security testing frameworks that leverage AI/ML for vulnerability discovery, exploit chain generation, and attack path analysis 

• Develop AI-assisted reconnaissance and target enumeration tools using LLMs (Claude) and custom agents for scalable attack surface analysis 

• Build and operate continuous automated penetration teaming pipelines that test defenses without manual intervention 

• Create AI-powered C2 frameworks, payload generators, and evasion tools that adapt to defensive controls in real-time 

• Integrate offensive tooling with Claude, MCP servers, and enterprise AI infrastructure for AI-assisted security operations 

• Develop automation that generates findings, routes tickets, and tracks remediation — reducing the gap between discovery and fix 

Strategic Leadership (10%) 

• Drive the penetration team’s technical strategy and roadmap, identifying high-value targets and emerging attack surfaces (Product, Custom AI, and cloud-native services) 

• Represent the penetration team in cross-functional security initiatives, architecture reviews, and incident response when offensive expertise is needed 

• Maintain awareness of emerging threats, zero-day vulnerabilities, and adversary tradecraft relevant to clients’ technology stack 

Research & Knowledge Sharing (10%) 

• Publish internal research on novel attack techniques, AI-assisted exploitation, and cloud security assessment methodology 

• Contribute to the team’s Claude Code skills store and shared automation repositories 

• Develop and maintain penetration team infrastructure (honeypots, C2, phishing platforms) using infrastructure-as-code 

• Stay current on offensive security conferences, findings, etc – and incorporate new techniques into operations 

Required Qualifications 

• 4+ years of experience in offensive security, penetration teaming, or penetration testing in enterprise environments 

• Deep expertise in at least 3: network exploitation, web application security, Active Directory attacks, cloud infrastructure attacks, social engineering, physical security 

• Strong proficiency in AI, Python, Go, or C/C++ for offensive tool development and automation 

• Demonstrated experience building automated security testing tools, frameworks, or pipelines 

• Experience with Kubernetes, container security, and cloud-native attack techniques 

• Experience with C2 frameworks and adversary simulation platforms 

• Knowledge of MITRE ATT&CK framework and adversary emulation methodology 

• Experience with AI/ML security — attacking AI systems, prompt injection, model poisoning, or building AI-powered offensive tools 

• Experience developing autonomous security testing agents using LLMs 

• Excellent written and verbal communication skills — ability to translate technical findings into business risk for executive audiences 

• Bachelor’s degree in Computer Science, Cybersecurity, or equivalent experience 

Preferred Qualifications 

• Published CVEs, security research papers, or conference presentations (DEF CON, Black Hat, etc.) 

• Experience in SaaS/multi-tenant environments processing sensitive data (HCM, payroll, healthcare, financial) 

• OSCP, OSCE, OSEP, CRTO, GXPN, or equivalent offensive security certifications 

• Familiarity with .NET, Java/Kotlin, and legacy application security assessment 

• Experience building infrastructure-as-code (Terraform, Pulumi) for penetration team operations

To Apply for this Job Click Here

Equal Employment Opportunity Statement
Gravity IT Resources is an Equal Opportunity Employer. We are committed to creating an inclusive environment for all employees and applicants. We do not discriminate on the basis of race, color, religion, sex (including pregnancy, sexual orientation, or gender identity), national origin, age, disability, genetic information, veteran status, or any other legally protected characteristic. All employment decisions are based on qualifications, merit, and business needs.