Lead Offensive Security Engineer (Remote)

Experian's Offensive Security team is charged with improving the organization's security posture through clarifying risk and verifying the efficacy of our technical, people, physical, and process controls from an attacker perspective. In order to accomplish this, the team performs regular Adversary Simulation (Red Team) testing, leads and contributes to Purple Team Exercises, and performs ad-hoc and tactical Assessments based on changes to the threat landscape and organizational needs.

As a Lead Engineer within the Offensive Security team, you will participate in and lead the design and execution of both campaign-based adversary simulation assessments and tactical assessments, while contributing to collaborative purple team exercises.

You will report to the Head of Offensive Security.

You'll have the opportunity to:

• Collaborate with other teams within the Cyber Fusion Center and the wider organization to ensure threat-informed Cyber Risks are understood and articulated, with a goal of contributing to the successful defense of the organization.
• Support Offensive Security's engagement at multiple organizational levels, from senior leaders to technical analysts, to help guide risk understanding and verify the efficacy of remediation/mitigative actions.
• Participate in performing physical exploitation, network exploitation, and social engineering assessments against authorized targets.
• Leverage Cyber Threat Intelligence, Offensive Security Research, previous Adversary Simulation (Red Team) findings, and internal risk intelligence to develop test cases demonstrating TTP effectiveness against Experian's control environment.
• Help establish and lead Social Engineering and Human Risk Assurance functions.
• Work with the team to provide remediation recommendations across the organization to aid with remediation/mitigation of identified Cyber Risks.
• Develop scripts, tools, and methodologies to increase Offensive Security's capabilities and educate other team members.
• Use AI tools to help with Offensive Security activities while complying with Experian's Acceptable Use of AI policies and Offensive Security Rules of Engagement.
• Use MITRE ATT&CK Framework and other structured attack analysis tools to describe and classify attacker methodology and significance.

Experian is a global data and technology company, powering opportunities for people and businesses around the world. We help to redefine lending practices, uncover and prevent fraud, simplify healthcare, create digital marketing solutions, and gain deeper insights into the automotive market, all using our unique combination of data, analytics and software. We also assist millions of people to realise their financial goals and help them to save time and money.

We operate across a range of markets, from financial services to healthcare, automotive, agrifinance, insurance, and many more industry segments.

We invest in people and new advanced technologies to unlock the power of data and to innovate. A FTSE 100 Index company listed on the London Stock Exchange (EXPN), we have a team of 23,300 people across 32 countries. Our corporate headquarters are in Dublin, Ireland. Learn more at experianplc.com.

Your background:

• 8+ years of cybersecurity experience, 3+ years of experience in offensive security and adversary simulation.
• Understanding of Human Risk and experience performing social engineering assessments, which can move the needle on Human Risk.
• Detailed knowledge of global cyber threats, threat actors, and the tactics, techniques and procedures used by cyber adversaries, specifically those targeting the financial services and healthcare sectors.
• 3+ years of experience in two or more of the following areas:
  • Network penetration testing and manipulation of network infrastructure
  • Web application penetration testing assessments
  • Email, phone, or physical social-engineering assessments
  • Developing, extending, or modifying exploits, shell code or exploit
  • Covert physical intrusion
  • Cloud security or penetration testing (any major provider)
• Proficient in attacker tooling, including post-exploitation frameworks and tooling.
• Proficient in one or more of the following programming/scripting languages (C, C++, C#, Go, Python, PowerShell, Bash, or Ruby).
• Knowledge of current cloud attack methodologies and mitigations.
• Knowledge of Windows Operating System architecture and internals, and use thereof in an enterprise environment.
• Social Engineering knowledge, such as OSINT, spear phishing, vishing, and other initial access methods.
• Knowledge of core Information Technology concepts such as TCP/IP networking, Windows & Active Directory, Unix/Linux, Mainframe, Cloud Service Providers, Relational Databases, Data Warehouses, and filesystems.
• Knowledge of IT technologies and methods to secure them, specifically for databases, SharePoint, storage area networks, cloud-based storage, and data warehouses.
• Knowledge of GenAI platforms and how they can be combined with agentic workflows.
• Industry certifications such as OSCP, OSCE, OSWE, GPEN, GCIH, GWAPT, GXPN, or equivalent experience.

Benefits/Perks:

• Great compensation package and bonus plan.
• Core benefits including medical, dental, vision, and matching 401K.
• Flexible work environment, ability to work remote, hybrid or in-office.
• Flexible time off including volunteer time off, vacation, sick and 12-paid holidays.
• Explore all our exciting benefits here: https://yourexperianbenefits.com/cand-index.html.

At Experian, our people and culture set us apart. We're committed to creating an environment where everyone feels they belong and can excel. From inclusion and authenticity to work/life balance, development, wellness, collaboration, and recognition, we focus on what matters. Our people-first approach has earned us global recognition: World's Best Workplaces™ 2024 (Fortune Top 25), Great Place To Work™ 2025 in 26 countries, and Glassdoor Best Places to Work 2024, among others.

Want to see what life at Experian is really like? Explore Experian Life on social or visit our careers site.

Our compensation reflects the cost of labor across several U.S. geographic markets. The base pay range for this position is listed above. Within this range, individual pay is determined by work location and additional factors such as job-related skills, experience, and education. You will be also eligible for a variable pay opportunity.

Experian is proud to be an Equal Opportunity Employer for all groups protected under applicable federal, state and local law, including protected veterans and individuals with disabilities. If you have a disability or special need that requires accommodation, please let us know at the earliest opportunity.

#LI-Remote

This is a remote position.