Offensive Security Professional

Deloitte

Tel Aviv District

Description

We are looking for an experienced and proactive Offensive Security Professional to join our elite team of Red Teamers and Penetration Testers. In this role, you will be responsible for identifying complex vulnerabilities and bridging the gap between deep technical exploits and business risk. You will execute end-to-end operations, ensuring that our security posture remains ahead of evolving threats across Cloud, Application, and Infrastructure domains.

Key Responsibilities:

Operational Excellence:

  • End-to-End Execution: Perform the full lifecycle of offensive engagements—from initial technical reconnaissance to final exploit demonstration and reporting.
  • Red Teaming: Execute complex, scenario-based Red Team operations, simulating advanced adversaries (APTs) to test detection and response capabilities.
  • Cloud & AppSec: Conduct deep-dive penetration testing for Web Applications, APIs, and Cloud Native environments (AWS, Azure, GCP, Kubernetes).
  • Vulnerability Research: Stay at the forefront of the threat landscape, developing custom scripts and tools to bypass modern security controls.

Strategy & Business Value:

  • Technical Insights: Translate complex technical findings into clear, actionable insights, explaining technical risk and impact to various stakeholders (R&D, DevOps, and security teams).
  • Innovation: Apply "outside the box" thinking to challenge existing security assumptions and identify non-obvious attack vectors.

Requirements:

Experience & Background:

  • 3+ years of hands-on experience in Offensive Security (Penetration Testing / Red Teaming).
  • Proven track record of performing complex security assessments in enterprise environments.
  • High proficiency in English (verbal and written) – Mandatory.

Technical Expertise:

  • Red Team Methodologies: Deep understanding of AV/EDR evasion, C2 infrastructure setup, Active Directory and Network Red Team methodology, Cloud Red Team methodology, and Social Engineering Techniques.
  • Application Security: Expertise in OWASP Top 10, logic flaws, and API security.
  • Cloud & Infrastructure: Strong hands-on experience with Cloud Security penetration testing (AWS, Azure, or GCP), including Kubernetes (K8s) and container security.

Certifications:

  • OSCP, OSEP, OSWE, GCPN, GXPN or equivalent industry-recognized credentials - Advantage

Soft Skills & Mindset:

  • Analytical Thinking: Ability to simplify complex technical concepts and communicate them clearly.
  • Proactive Approach: Self-driven professional who identifies security gaps and suggests technical improvements independently.
  • Hacker Mindset: Always looking for the exception, the edge case, and the creative bypass.

Advantages:

  • Project Leadership: Proven experience in leading end-to-end offensive security projects, from inception to final delivery.
  • Scoping Expertise: Previous experience in performing technical scoping and defining Rules of Engagement (RoE) for complex environments.
  • Leadership Background: Prior experience in team leadership or mentoring junior researchers/consultants.
  • Specialized Tests: Experience with Physical Security Penetration Tests.