[Remote] Lead Offensive Security Engineer
Note: The job is a remote job and is open to candidates in USA. The College Board is a mission-driven organization dedicated to educational excellence, and they are seeking a Lead Offensive Security Engineer to enhance their cyber security operations. This role involves leading red team engagements, shaping offensive security strategies, and improving the organization's security posture through advanced penetration testing and threat simulations.ResponsibilitiesDesign and evolve the Red Team capability (35%)Define and continuously refine the red team engagement model, including methodology, scope development, rules of engagement, evidence standards, and quality controlsShape offensive assessment strategy in partnership with leadership, translating program priorities into technically sound attack approaches and campaign plansDetermine tooling, infrastructure, and C2 frameworks used in approved environments, ensuring tradecraft reflects relevant real-world threat actors and techniquesEstablish standards for multi-stage adversary simulation, ensuring engagements are realistic, repeatable, and aligned to MITRE ATT&CK and current threat intelligenceContinuously assess and improve how red team effectiveness is measured, including coverage, repeat findings, and defensive validation outcomesLead execution of high-impact offensive campaigns (40%)Lead and personally execute advanced penetration tests and red team assessments across client applications, web applications, APIs, endpoints, and supporting infrastructureOrchestrate multi-stage attack simulations spanning initial access, privilege escalation, lateral movement, persistence, and objective completion within approved guardrailsPlan and drive purple team exercises in close partnership with Threat Hunt, SOC, and Incident Response teams to validate and strengthen detection and response capabilitiesEvaluate the effectiveness of security controls, including SIEM, EDR, and network monitoring, and drive re-testing to confirm measurable improvementCoordinate and guide other red team engineers during engagements, ensuring consistency, technical rigor, and high-quality deliverablesDrive measurable defensive impact and organizational enablement (25%)Translate offensive findings into prioritized, actionable remediation guidance and partner with system owners to drive meaningful risk reductionProduce executive-ready reports and briefings that clearly articulate risk, impact, and recommended actions for both technical and non-technical stakeholdersDevelop and maintain standardized red team artifacts, including playbooks, adversary emulation plans, reporting templates, and documentation that improve repeatability and knowledge transferProvide technical guidance to Vulnerability Management and Threat Hunting teams on attacker behaviors, custom detection approaches, and validation techniquesFoster a culture of collaboration and continuous learning across Cyber Operations teams through knowledge sharing, mentorship, and contribution to shared playbooks and best practicesSkillsDemonstrated experience leading complex red team engagements or adversary simulations across applications, endpoints, APIs, and cloud environmentsProven ability to influence technical direction and raise operational standards without formal people management authority7+ years of experience in cybersecurity, with at least 3–5 years in offensive security, red team, or advanced penetration testing rolesDeep hands-on expertise with modern C2 frameworks and adversary simulation tooling, with the ability to adapt tradecraft to evolving defensive controlsStrong understanding of attacker methodologies, including MITRE ATT&CK, OWASP Top 10, CWEs, and real-world threat intelligence, and the ability to translate those into practical attack scenariosExperience conducting purple team exercises and validating SIEM, EDR, and network detection capabilities through controlled simulation and evidence-based testingExperience delivering executive-ready briefings that clearly communicate technical risk, business impact, and prioritized remediation actionsHigh degree of discretion, integrity, and operational discipline when conducting sensitive offensive security workBachelor's degree in Computer Science, Engineering, or equivalent practical offensive security experienceAuthorization to work in the United States without sponsorshipAbility to travel 3-5 times a year to our NYC or Reston, VA officeProficiency in Microsoft Suite tools is preferred, though a willingness to learn is equally valuedCuriosity and enthusiasm for emerging technologies, particularly AI-driven solutions, and a proactive approach to independently learning and applying new digital toolsBenefitsAnnual bonuses and opportunities for merit-based raises and promotionsA mission-driven workplace where your impact mattersA team that invests in your development and successCompany OverviewCollege Board is a not-for-profit organization that clears a path for all students to own their future through the Advanced Placement Program, the SAT, Official SAT Practice on Khan Academy, BigFuture, and more. It was founded in 1899, and is headquartered in New York, New York, USA, with a workforce of 1001-5000 employees. Its website is http://www.collegeboard.org.