Note: The job is a remote job and is open to candidates in USA. College Board is seeking a Lead Offensive Security Engineer to serve as the technical leader of their Red Team capability. The role involves designing and executing high-impact offensive security campaigns to improve the organization's security posture and ensuring the effectiveness of red team operations.
Responsibilities
- Design and evolve the Red Team capability (35%)
- Define and continuously refine the red team engagement model, including methodology, scope development, rules of engagement, evidence standards, and quality controls
- Shape offensive assessment strategy in partnership with leadership, translating program priorities into technically sound attack approaches and campaign plans
- Determine tooling, infrastructure, and C2 frameworks used in approved environments, ensuring tradecraft reflects relevant real-world threat actors and techniques
- Establish standards for multi-stage adversary simulation, ensuring engagements are realistic, repeatable, and aligned to MITRE ATT&CK and current threat intelligence
- Continuously assess and improve how red team effectiveness is measured, including coverage, repeat findings, and defensive validation outcomes
- Lead execution of high-impact offensive campaigns (40%)
- Lead and personally execute advanced penetration tests and red team assessments across client applications, web applications, APIs, endpoints, and supporting infrastructure
- Orchestrate multi-stage attack simulations spanning initial access, privilege escalation, lateral movement, persistence, and objective completion within approved guardrails
- Plan and drive purple team exercises in close partnership with Threat Hunt, SOC, and Incident Response teams to validate and strengthen detection and response capabilities
- Evaluate the effectiveness of security controls, including SIEM, EDR, and network monitoring, and drive re-testing to confirm measurable improvement
- Coordinate and guide other red team engineers during engagements, ensuring consistency, technical rigor, and high-quality deliverables
- Drive measurable defensive impact and organizational enablement (25%)
- Translate offensive findings into prioritized, actionable remediation guidance and partner with system owners to drive meaningful risk reduction
- Produce executive-ready reports and briefings that clearly articulate risk, impact, and recommended actions for both technical and non-technical stakeholders
- Develop and maintain standardized red team artifacts, including playbooks, adversary emulation plans, reporting templates, and documentation that improve repeatability and knowledge transfer
- Provide technical guidance to Vulnerability Management and Threat Hunting teams on attacker behaviors, custom detection approaches, and validation techniques
- Foster a culture of collaboration and continuous learning across Cyber Operations teams through knowledge sharing, mentorship, and contribution to shared playbooks and best practices
Skills
- Demonstrated experience leading complex red team engagements or adversary simulations across applications, endpoints, APIs, and cloud environments
- Proven ability to influence technical direction and raise operational standards without formal people management authority
- 7+ years of experience in cybersecurity, with at least 3–5 years in offensive security, red team, or advanced penetration testing roles
- Deep hands-on expertise with modern C2 frameworks and adversary simulation tooling, with the ability to adapt tradecraft to evolving defensive controls
- Strong understanding of attacker methodologies, including MITRE ATT&CK, OWASP Top 10, CWEs, and real-world threat intelligence, and the ability to translate those into practical attack scenarios
- Experience conducting purple team exercises and validating SIEM, EDR, and network detection capabilities through controlled simulation and evidence-based testing
- Experience delivering executive-ready briefings that clearly communicate technical risk, business impact, and prioritized remediation actions
- High degree of discretion, integrity, and operational discipline when conducting sensitive offensive security work
- Bachelor's degree in Computer Science, Engineering, or equivalent practical offensive security experience
- Authorization to work in the United States without sponsorship
- Ability to travel 3-5 times a year to our NYC or Reston, VA office
- Proficiency in Microsoft Suite tools is preferred, though a willingness to learn is equally valued
- Curiosity and enthusiasm for emerging technologies, particularly AI-driven solutions, and a proactive approach to independently learning and applying new digital tools
Benefits
- A comprehensive package designed to help you thrive.
- We’re a self-sustaining nonprofit that believes in fair and competitive compensation, grounded in your qualifications, experience, impact, and the market.
- A Thoughtful Approach to Compensation
- Your exact salary will depend on your location, experience, and how your background compares to others in similar roles at the College Board.
- We aim to make our best offer upfront, rooted in fairness, transparency, and market data.
- We adjust salaries by location to ensure fairness, no matter where you live.
- You’ll have open, transparent conversations about compensation, benefits, and what it’s like to work at College Board throughout your hiring process.
- Candidates who live near CB offices have the option of being fully remote or hybrid (Tuesday and Wednesday in office).
Company Overview