Senior Offensive Security Engineer

Experian is seeking a Senior Offensive Security Engineer to join its Offensive Security team, which is dedicated to enhancing the organization's security posture by identifying risks and evaluating the effectiveness of technical, human, physical, and procedural controls from an attacker's perspective. The team conducts regular adversary simulation (Red Team) testing and various ad-hoc and tactical assessments in response to evolving threat landscapes and organizational requirements. This hybrid role is based in Nottingham or London, with an expectation of 40% in-office presence, reporting to the Head of Offensive Security.

The successful candidate will collaborate with teams within the Cyber Fusion Centre and the broader organization to ensure a comprehensive understanding and articulation of cyber risks in a threat-informed manner, contributing to the organization's defense strategies. Responsibilities include performing physical and network exploitation, as well as social engineering assessments against authorized targets. The role also involves leveraging cyber threat intelligence, offensive security research, and previous adversary simulation findings to develop test cases that demonstrate the effectiveness of tactics, techniques, and procedures (TTPs) against Experian's control environment. Additionally, the engineer will stay abreast of the latest cyber threats and attack methodologies, develop scripts and tools to enhance offensive security capabilities, and utilize frameworks like MITRE ATT&CK to classify and describe attacker methodologies.

Candidates should have a background in offensive security and adversary simulation, with detailed knowledge of global cyber threats and adversary procedures. Proficiency in at least two of the following areas is required: network penetration testing, web application penetration testing, social engineering assessments (email, phone, or physical), development or modification of exploits and exploit tools, covert physical intrusion, cloud security or penetration testing, and AI Red Teaming/testing with agentic AI for automation. Industry certifications such as OSCP, OSCE, OSWE, GPEN, GCIH, GWAPT, or GXPN are desirable. Specialist skills include proficiency in attacker tooling, programming languages (C, C++, C#, Python, PowerShell, Bash, or Ruby), social engineering techniques, current cloud attack methodologies and mitigations, Windows OS architecture and internals, and core IT concepts like TCP/IP networking, Windows & Active Directory, Unix/Linux, mainframes, cloud service providers, relational databases, data warehouses, and file systems.

Experian offers a competitive compensation package and discretionary bonus plan. Core benefits include pension, Bupa healthcare, sharesave scheme, and more. Employees are entitled to 25 days of annual leave, plus 8 bank holidays and 3 volunteering days, with the option to purchase additional annual leave. The company fosters a culture of innovation and inclusivity, investing in people and advanced technologies to unlock the power of data. As a FTSE 100 Index company listed on the London Stock Exchange, Experian operates in 32 countries with a team of 22,500 people, providing ample opportunities for professional growth and development.