Offensive Security Engineer

at CH Robinson

00-844 Warszawa, województwo mazowieckie, Poland

Start Date: Immediate
Expiry Date: 22 Jul, 2024
Salary: Not Specified
Posted On: 28 Apr, 2024
Experience: N/A
Skills: Windows, Security Tools, Penetration Testing, Red Teaming, Mobile Applications, Linux, OSCP, Security Testing, Software Development, Regulatory Compliance, Application Security
Telecommute: No
Sponsor Visa: No

Description:

C.H. Robinson is seeking an Offensive Security Engineer to join our Warsaw office/global team. In this role, you’ll lead red team exercises, fortifying our applications’ security. Your expertise will integrate offensive security practices into our SDLC, identifying vulnerabilities and bolstering our digital resilience against threats. You’ll embody C.H. Robinson Technology’s core values, exhibiting knowledge of our business, entrepreneurial spirit, teamwork, excellent customer service, passion, tech-savvy, effective communication, respect, accountability, strong work ethic, and work-life balance.

REQUIRED QUALIFICATIONS:

  • Minimum of 5 years of experience in offensive cybersecurity, with a strong focus on red teaming, penetration testing, or similar activities.
  • Expertise in multiple offensive security tools and frameworks, especially MITRE ATT&CK and MITRE ATLAS.
  • Solid understanding of OWASP top 10s (Web application, API, CI/CD, LLM, and more).
  • Proficiency in API security testing and exploitation.
  • Strong understanding of the software development lifecycle and application security.
  • Solid knowledge of programming/scripting languages; C# and Python knowledge are essential.
  • Strong analytical and problem-solving abilities, coupled with a proactive approach to identifying and mitigating security risks and an ability to think like an adversary.
  • On-call rotation (once every 7 weeks)
  • Team player with a growth mindset.
  • Ability to work independently and manage multiple tasks.
  • Strong ethical standards and understanding of the legal implications of penetration testing.

PREFERRED QUALIFICATIONS:

  • Exposure to GenAI/LLM red team exercises.
  • OS security (Windows & Linux); Kubernetes Security; Cloud security – Azure.
  • Certifications such as OSCP, OSCE, or similar.
  • Knowledge of regulatory compliance and security standards – NIST-CSF.
  • Good understanding of NIST SP 800-115, OSSTMM (Open Source Security Testing Manual).
  • Experience in DevSecOps practices.
  • Knowledge of mobile applications and device security testing (iOS/Android)

WHAT DOES C.H. ROBINSON OFFER YOU?

  • Contract of employment (umowa o pracę)
  • Package of benefits (private medical care - Medicover, sports card, cafeteria system, unlimited access to training platform Percipio and GoFluent, Employee Assistance Program ICAS)
  • Hybrid working model from our Technology office in Warsaw
  • Office in Warsaw Spire (we are moving to a new, modern building - Studio), near the Rondo Daszyńskiego metro station
  • An opportunity to use and develop your language skills in our international work environment

Questioning if you meet the mark? Studies have shown that women, people of color, and individuals with disabilities may be less likely to apply unless they match the job description exactly. Here at C.H. Robinson, we’re building a diverse and inclusive workplace where all employees feel they belong. If this position excites you, we welcome you to apply whether you check all the preferred qualifications or just a few. You may just be our next great fit!

Responsibilities:

  • Plan, execute, and communicate red team exercises to simulate cyber threats, identify vulnerabilities, and evaluate security effectiveness.
  • Integrate Offensive Security into SDLC by collaborating with development teams to embed security practices, including threat modeling and proactive testing.
  • Conduct regular Vulnerability Assessment and Penetration Testing (VAPT) to discover and exploit security flaws, providing detailed findings and recommendations.
  • Develop and employ custom tools and techniques for threat simulation, enhancing preparedness against potential attacks.
  • Collaborate closely with defensive teams to improve security strategies based on insights from offensive operations.
  • Act as a security training expert, contributing to developer training programs and promoting a security-first mindset.
  • Stay updated on the latest cybersecurity trends and offensive techniques to ensure our practices remain effective and current.


REQUIREMENT SUMMARY

Min: N/A, Max: 5.0 year(s)

Information Technology/IT

IT Software - Network Administration / Security

Software Engineering

Graduate

Proficient

1

00-844 Warszawa, Poland