Senior Offensive Security Engineer

We are Omnissa!  
 
Omnissa is the first AI-driven digital work platform, built to support flexible, secure, work-from anywhere experiences. We integrate industry-leading solutions—including Unified Endpoint Management, Virtual  Apps and Desktops, Digital Employee Experience, and Security & Compliance—into a seamless, autonomous workspace that adats to how people work. Our platform boosts employee engagement while optimizing IT operations, security, and cost.  
 
Guided by our Core Values—Act in Alignment, Build Trust, Foster Inclusiveness, Drive Efficiency, and Maximize Customer Value—we’re growing rapidly and committed to delivering meaningful impact. If you're passionate about shaping the future of work, we’d love to hear from you. 

What is the opportunity?

Omnissa is hiring a Senior Offensive Security Engineer to run assumed-breach exercises and adversary emulation that improve detections and playbooks and prove fixes through retest. You’ll work across identity, endpoint (EDR), cloud/SaaS, and application surfaces (web/APIs), with deep strength in one domain and practical depth in another. When results don’t add up, you’ll safely pin down root cause and turn what you learn into repeatable scenarios we rerun after major changes and on a set cadence. You’ll partner with SOC and Detection Engineering to set pass/fail criteria, close telemetry gaps, and drive findings to closure. We care about signal, evidence, and follow-through. Assumed breach is the default (we start from an agreed foothold); when initial access is in scope, you’ll validate realistic entry paths with explicit guardrails and safety controls. Here is a breakdown:

• Run assumed-breach and adversary emulation end to end

• Build the emulation plan: pick scenarios based on top risk, incident learnings, and meaningful platform changes

• Validate high-impact attack paths across identity, endpoint, cloud/SaaS, and applications; capture evidence, replay steps, impact, and practical remediation

• Partner with SOC and Detection Engineering to define required telemetry and publish an ATT&CK-mapped gaps list with pass/fail criteria

• Conduct targeted technical deep dives when needed (debugging, static/dynamic analysis, tradecraft) to confirm root cause without production impact

• Build and maintain a runnable library others can use safely: scenarios, runners, runbooks/guardrails, expected telemetry; raise quality through reproducibility and peer review

Compliance validation gate (10–20%)

• Set scope/ROE, quality bar, and acceptance criteria for compliance-driven tests run by internal partners and external vendors

• Review deliverables for accuracy and reproducibility; require retest evidence and drive closure to an audit-ready standard

What success looks like

• 90 days: Deliver 1–2 end-to-end exercises that result in shipped fixes and improved detections/playbooks, with replay steps and retest proof

• 180 days: Publish an emulation plan and scenario library tied to top risk, platform changes, and incident learnings, each scenario runnable with guardrails and pass/fail criteria

• Ongoing: Higher-signal coverage and fewer repeat findings because fixes are verified, not assumed

What will you bring to Omnissa?

• Experience leading assumed-breach and/or adversary emulation in enterprise environments: tight ROE, strong evidence, and retest-to-closure discipline

• Demonstrated, peer-recognized depth in one domain (identity, endpoint, cloud/SaaS, or appsec) plus credible working depth in at least one other

• Strong fundamentals in OS internals and debugging (process/memory, authentication flows) and networking (protocols, DNS/TLS, segmentation)

• Ability to analyze artifacts/tradecraft and clearly explain root cause and impact

• Strong scripting for automation and safe PoCs: Python plus PowerShell and/or Bash

• Track record translating offensive work into defensive outcomes (telemetry, detections, response actions/playbooks) and verifying fixes via retest

• Clear writing: evidence, replay steps, ATT&CK mapping, detection gaps, and closure criteria

• Cross-team ownership: you can drive remediation with engineering teams, handle pushback, and keep the bar high

• Operational discipline: tight ROE, OPSEC, safety controls, and clean rollback, no surprises in production

Preferred

• Built a reusable emulation library others can run safely (scenarios, runners, guardrails)

• Integrated emulation checks into CI/CD, scheduled runs, or IaC workflows (e.g., Terraform)

• Deeper background in debugging/RE or security tooling interactions (endpoint tradecraft, protocol/app internals)

• Certifications (OSCP/OSWE/GPEN/CRTO) helpful