Senior Offensive Security Engineer​/Red Team Operator v2

Overview

Knox is establishing an internal offensive security capability to proactively identify exploitable weaknesses in customer workloads and core platforms operating within regulated cloud environments (FedRAMP Moderate, FedRAMP High, and DoD IL-4). These operators will conduct adversary emulation campaigns that reveal weaknesses automated security tooling may miss.

This is a senior hands-on role, well suited for highly skilled operators who prefer active offensive work over administrative responsibilities. Candidates must demonstrate the ability to independently execute advanced attack campaigns in modern cloud-native environments.

• Identify exploitable paths inside regulated customer workloads prior to onboarding.
• Execute adversary simulations that validate cloud workload and platform hardening.
• Provide reproducible exploitation steps to enable remediation.
• Strengthen detection and automation platforms by contributing attack patterns and insights.
• Support the compliance program by validating successful remediation.

• Conduct offensive security operations against cloud workloads and platform services.
• Execute full kill-chain campaigns demonstrating realistic adversary behavior.
• Deploy or manage approved offensive tooling and C2 frameworks.
• Document reproduction steps and attack chains for downstream remediation teams.
• Participate in weekly reporting on offensive posture and program maturity.
• Maintain confidentiality and operate under strict rules of engagement.
• Use AI-assisted automation frameworks and modern exploitation techniques.
• Collaborate with internal engineering teams to improve platform resiliency.

• 10+ years offensive security / red‑team experience.
• Demonstrated mastery of adversary tradecraft in cloud-native environments.
• Hands‑on offensive experience across at least one major hyperscaler (AWS/Azure/GCP); multi‑cloud preferred.
• Strong familiarity with Kubernetes attack surfaces.
• Familiarity with commercial or open-source C2 tooling and modern offensive methods.
• Experience working in regulated or compliance‑sensitive environments strongly preferred.

• Passion for offensive security as a craft.
• Demonstrated ability to rapidly weaponize findings.
• Ability to work independently and operate with discretion.
• Familiarity with AI‑assisted exploit development or automation.

• Optional security conference participation (e.g., Black Hat/DEFCON).
• No routine customer travel expected.

This role requires deeply experienced operators capable of independently conducting complex offensive campaigns. Candidates should not be primarily policy, compliance, or leadership oriented—this function is hands‑on technical execution. The preferred candidate pool is located on the U.S. East Coast due to executive and engineering alignment but remote U.S.‑based citizens will be considered if exceptional.

• A short Loom video walking through a passion project, including what it does and a review of some of the code.
• Access to either a public or private repository so we can review their commits and overall code quality.

Ideally, the project should be built on (or close to) the stack outlined in the job descriptions.

Knox offers a competitive employee benefits package including Medical, Dental, Vision, Life & Disability, unlimited PEO, and an employee funded 401k plan. Please note, benefits are subject

We are an Equal Opportunity Employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. Employment decisions are made without regard to race, color, religion, sex, sexual orientation, gender identity or expression, national origin, age, disability, veteran status, or any other legally protected status.