
Global Security Engineer Offensive Operations (Remote or Onsite)

Crane Company
Posted 14 days ago, valid for a month
Location: Stamford, CT 06901, US

Salary: Competitive

Contract type: Full Time

By applying, a Crane Company account will be created for you. Crane Company's Privacy Policy and Terms & Conditions will apply.

SonicJobs' Terms & Conditions and Privacy Policy also apply.

Sonic Summary

  • Crane Company is looking for an Information Security professional to join its Global Information Security Team, focusing on exploitative testing for risk analysis.
  • The ideal candidate should have a minimum of 5 years of experience in penetration testing and application security testing.
  • Proficiency in various offensive security tools and programming languages, along with a strong understanding of system and network administration, is essential.
  • This role offers a competitive salary, though the specific amount is not mentioned in the job description.
  • Candidates must be US Persons as defined under EAR PART 772 AND ITAR 120.15 and are encouraged to hold relevant technical certifications.

Crane Company is seeking an Information Security professional to join its Global Information Security Team. This role involves supporting the company’s global information security program through exploitative testing for context-based risk analysis. The ideal candidate will possess proficiency in penetration testing methodologies and platforms, scripting and programming used for security testing, attacker tradecraft, and a strong understanding of system and network administration. Prior experience in offensive security is required.

In this role, the successful candidate will collaborate closely with other Global Information Security team members, both in offensive operations and collaborative purple-team scenarios involving the SOC. This collaboration will involve testing the company’s defenses, assisting in planning exercises, and guiding the overall approach to mitigating risk and addressing security gaps.

Responsibilities and Duties:

  • Perform security reviews of enterprise systems, applications, and networks in coordination with local technology and security teams to ensure effective application of security controls
  • Evaluate systems and security processes to identify vulnerabilities, misconfigurations, and exploitation vectors
  • Participate in and support vulnerability management processes
  • Manage projects, holding teams and team members accountable
  • Conduct production-safe exploitation of suspected software and hardware vulnerabilities to demonstrate business impact
  • Perform periodic network traffic analysis
  • Plan and develop penetration test methodologies, automations, and schedules
  • Create reports and remediation recommendations based on findings
  • Present findings and risks to both technical and non-technical audiences
  • Provide business and data intelligence to support threat analysis
  • Consume and triage cyber threat intelligence to provide current industry-related risk context
  • Collaborate with business and technology managers to improve data protection processes and procedures
  • Engage with vendors and third parties in security testing development and execution
  • Manage and review attack surface, assigning and delegating remediation actions to the Business
  • Participate effectively in data governance and risk compliance planning
  • Raise incidents involving potential data loss or threats to data
  • Report and provide metrics to support program objectives

Qualifications and Competencies:

  • Minimum 5 years of work experience in penetration testing & application security testing
  • Strong understanding of Linux and Windows administration
  • Experience in performing security assessments using common offensive security tools such as Metasploit, NetExec, Impacket, Nmap, Burp Suite, Pretender, etc.
  • Knowledge of command-and-control technologies and overlay networking
  • Experience in crafting spear-phishing playbooks and initial access packages
  • Proficiency in PowerShell, Perl, Ruby, Python, Go, Rust, Java, or other language(s) to create penetration testing solutions
  • Foundational knowledge of, and experience with, administering enterprise-level Information Technology systems including networks, virtualization, cloud, operating systems, Active Directory, etc.
  • Experience with Attack Surface Management tools and processes
  • Ability to work both independently and as part of a small, distributed team
  • Experience in Breach/Attack simulations and tabletop exercises
  • Flexibility to work outside regularly scheduled/normal business hours as required
  • Commitment to security training and earning corresponding certifications
  • Highly motivated and self-directed
  • Excellent verbal and written communication skills
  • Passion for solving complex problems and a drive for continuous learning
  • Ability to prioritize, schedule and track to deadlines
  • Required: Degree in a related field or at least 5 years relevant professional experience
  • Desired: Technical professional security certification such as OSCP, GPEN, or similar
  • US Person as defined under EAR PART 772 AND ITAR 120.15

This description has been designed to indicate the general nature and level of work being performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job.

Crane Company is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of race, color, religion, gender, sexual orientation, general identity, national origin, disability or veteran status.



