Offensive IT Security Engineer

Are you ready to write your next chapter?
Make your mark at one of the biggest names in payments. We're looking for a highly skilled Offensive IT Security Engineer to join our ever evolving team and help us unleash the potential of every business.

What you'll own as the Offensive IT Security Engineer / Penetration Tester
The ideal candidate will be responsible for designing, implementing, and executing advanced penetration testing and red/purple teaming engagements. The Offensive Security Engineer will play a pivotal role in identifying vulnerabilities, assessing security posture, and providing actionable insights to enhance our clients' cybersecurity defenses.

Responsibilities

• Conduct comprehensive penetration tests and vulnerability assessments on various systems, networks, and applications to identify weaknesses and potential entry points for malicious actors.
• Develop and execute sophisticated attack scenarios and simulations to emulate real-world threats and assess the resilience of cybersecurity controls.
• Collaborate with cross-functional teams to discover and analyse security findings, prioritize remediation efforts, and recommend effective mitigation strategies.
• Create detailed reports outlining identified vulnerabilities, exploit techniques, and actionable recommendations for improving security posture.
• Experience conducting Threat Hunting and mapping the Attack Surface.
• Collaborate with the business to review vulnerabilities and advise on remediation priority.
• Assist with the management, and assessment of, vulnerabilities reported through Responsible Disclosure and Bug Bounty programmes.
• Stay abreast of emerging security threats, attack techniques, and industry best practices to continuously enhance offensive security methodologies.
• Provide technical expertise and guidance to internal teams on offensive security techniques, tools, and procedures.
• Participate in knowledge-sharing activities, such as training sessions and workshops, to foster a culture of continuous learning and skill development within the organization.

What You'll Bring

• Bachelor's degree in computer science, Information Security, or related field, or the combination of demonstrable relevant experience and skills.
• One or more certifications such as OSCP, OSCE, GPEC, GPEN, CCSAS, or similar.
• Proven experience in offensive security roles, including penetration testing, red/purple teaming, and ethical hacking.
• Strong knowledge across network, operating system, cloud, and web application security architecture.
• Strong proficiency in utilizing offensive security tools e.g., Metasploit, Burp Suite, Nmap, Nuclei, Kali Linux, etc.
• Understanding and experience of utilizing data from Exposure Management services, e.g., Shodan, Censys etc.
• Proficiency in at least one programming language and one scripting language.
• In-depth understanding of common attack vectors, exploit techniques, and vulnerability assessment methodologies, in particular experience applying MITRE ATT&CK would be an advantage.
• Familiarity with industry compliance standards and regulations (e.g., PCI DSS, ISO 27001, GDPR, etc.).
• Any experience with CBEST or TIBER assessment frameworks would be desirable.
• Excellent analytical skills with the ability to assess complex systems and identify security gaps

About The Team
To learn more about our winning teams, check out our world-class teams that own it every day.

What Makes a Worldpayer
What makes a Worldpayer? It's simple: Think, Act, Win. We stay curious, always asking the right questions and finding creative solutions to simplify the complex. We're dynamic, every Worldpayer is empowered to make the right decisions for their customers. And we're determined, always staying open and winning and failing as one.

Does this sound like you? Then you sound like a Worldpayer. Apply now to write the next chapter in your career.

Privacy Statement
Worldpay is committed to protecting the privacy and security of all personal information that we process in order to provide services to our clients. For specific information on how Worldpay protects personal information online, please see the Online Privacy Notice.

Sourcing Model
Recruitment at Worldpay works primarily on a direct sourcing model; a relatively small portion of our hiring is through recruitment agencies. Worldpay does not accept resumes from recruitment agencies which are not on the preferred supplier list and is not responsible for any related fees for resumes submitted to job postings, our employees, or any other part of our company.