Jobs · Information Technology · Florida

Offensive Security Analyst II

JM Family Enterprises, Inc. · Miami-Fort Lauderdale Area · 1 wk ago
HybridInformation TechnologyFull-time

Responsibilities

  • Conduct offensive security activities including penetration testing, attack simulations, threat-based assessments, and control validation across on-prem, cloud, identity, and SaaS environments.
  • Execute and assist in the development of red team and purple team exercises, collaborating with detection and response teams to validate defensive coverage.
  • Identify, validate, and responsibly disclose security weaknesses to stakeholders, providing clear remediation guidance and risk context.
  • Design, develop, and maintain custom offensive security tooling (Python, PowerShell, Bash, or similar), including frameworks, reusable modules, and automation that scale testing beyond point-in-time assessments.
  • Evaluate when to build versus buy offensive security capabilities, with a bias toward internal tooling where it improves flexibility, visibility, or speed of iteration.
  • Incorporate AI-assisted techniques (e.g., automation, chaining analysis, signal prioritization) to increase testing efficiency and analyst leverage.
  • Contribute documentation such as test reports, playbooks, findings templates, and executive-level summaries.
  • Contribute to the long-term architecture of the offensive security program, including shared libraries, testing pipelines, data models, and reporting outputs optimized for reuse and scale.
  • Mentor junior analysts and contribute to team knowledge sharing.
  • Partner with application and platform engineering teams not only to test systems, but to co-design secure patterns, reference implementations, and reusable testing components.
  • Build developer-consumable assets (templates, scripts, sample exploits, safe test harnesses) that enable teams to self-validate security assumptions earlier in the SDLC.
  • Provide developer-friendly remediation guidance, proof-of-concepts, and secure coding recommendations that are actionable and aligned to real-world development workflows.
  • Support the integration and tuning of security testing tools within CI/CD pipelines, balancing detection depth with developer experience and signal quality.
  • Collaborate with Security Engineering and Application teams to improve self-service security capabilities, documentation, and testing patterns that developers can reuse.
  • Participate in post-testing debriefs with developers to educate, coach, and improve security outcomes—not just report findings.

Qualifications

  • Hands-on experience with penetration testing, red team, purple team, or adversary emulation activities.
  • Strong understanding of Windows, Active Directory, Azure/Entra ID, networking, cloud platforms, and SaaS architectures.
  • Experience with common offensive security tools and frameworks (e.g., C2 frameworks, vulnerability scanners, exploit frameworks).
  • Knowledge of MITRE ATT&CK, kill chains, and attacker tradecraft.
  • Experience validating security controls such as EDR, SIEM, identity protections, email security, and cloud security controls.
  • Strong scripting and automation skills; ability to customize or build tools to support testing objectives.
  • Ability to translate technical findings into clear risk-based narratives for technical and non-technical audiences.
  • Strong analytical, problem-solving, and critical-thinking skills.
  • Able to work independently while collaborating effectively in cross-functional teams.
  • High attention to detail with a strong sense of ethics and responsible disclosure.
  • Experience working directly with software engineers to remediate vulnerabilities and improve secure development practices.
  • Understanding of modern SDLC and CI/CD pipelines, including how security testing fits into developer workflows.
  • Familiarity with secure coding practices and common vulnerability classes in modern applications (web, APIs, cloud-native services).
  • Ability to communicate security findings in a way that developers can quickly understand, prioritize, and fix.
  • Mindset oriented toward enablement over enforcement, with a focus on reducing friction while improving security outcomes.
  • Background in software engineering, platform engineering, or SRE, with a desire to specialize in security.
  • Experience designing or maintaining production-quality code, not just scripts.
  • Comfort working with APIs, data pipelines, CI/CD systems, and cloud-native services as part of security capability development.
  • Curiosity and practical interest in applying AI/ML-assisted techniques to security testing, automation, and analysis.

Similar jobs

Security Analyst II

CyderesUnited States· 1 wk ago
RemoteInformation Technologyapply on jobs.lever.co

Security Analyst II

Lucid SoftwareRaleigh, NC· 6 days ago
Information Technologyapply on job-boards.greenhouse.io

Security Analyst II

Lucid SoftwareSalt Lake City, UT· 6 days ago
Information Technologyapply on job-boards.greenhouse.io

Security Analyst II

PBSAlexandria, VA· 6 days ago
Information Technology$155k–$165k/yrapply on vhr-pbs.wd115.myworkdayjobs.com

Security Analyst II

Foresite CybersecurityOverland Park, KS· 1 mo ago
Information Technologyapply on careers.foresite.com