Offensive Privacy Tester

Offensive Privacy Tester
We are looking for an experienced Offensive Privacy Engineer. In this role, you will conduct offensive privacy testing and identify vulnerabilities and/or misconfiguration to enhance the security and privacy of our systems and applications. Your efforts will ensure the protection of our users' data against potential threats, comply with applicable laws/regulations/commitments and reduce attack paths within the USDS environment.

Responsibilities:

• Lead comprehensive privacy-focused penetration tests and/or emulate adversary-like behavior/operations on our infrastructure, application, products and services.

• Perform deep technical, hands-on offensive privacy testing to identify and exploit privacy and security weaknesses.

• Contribute to the creation of a testing framework to methodically test safeguards being designed and implemented

• Design and execute advanced testing methodologies specifically targeting privacy vulnerabilities.

• Develop detailed reports on findings, including actionable remediation recommendations.

• Work closely with XFN teams to address and remediate identified vulnerabilities.

• Communicate findings effectively to technical and non-technical stakeholders.

• Advocate for best practices in privacy and data protection, ensuring compliance with relevant privacy regulations (e.g., GDPR, CCPA).

• Stay updated on the latest privacy threats and integrate new findings into the testing program.

• Build and implement security testing tools and technologies to enhance privacy testing capabilities and promote automation.

• Continuously improve team processes and methodologies for better testing outcomes.

Qualifications

• Bachelor’s degree in Computer Science, Information Security, or a related field. Advanced degrees or equivalent professional experience are preferred.

• 4+ years of experience in offensive security testing, with a strong focus on privacy vulnerabilities.

• Proven experience in penetration testing, red teaming, and vulnerability assessments, particularly in privacy contexts.

• Relevant security certifications such as OSCP, OSEP, OSWA, OSWE, OWSE, OSED, GPEN, GXPN, GWAPT, GMOB, BSCP etc.

• Hands on technical experience in web, mobile and infrastructure penetration testing with tools like Burp Suite Pro, SQLMap, Frida, Objection, Android Studio, XCode, MobSF, Drozer

• Experience with conducting reverse engineering on mobile applications, including applications with anti-emulator and obfuscation protections

• Familiarity and experience working with frameworks like MITRE ATT&CK/D3

FEND, NIST, CCPA, COPPA, OECS, ISO etc.

• Proven hands-on experience with programming and scripting languages (e.g., C/C++, C#, Python, Golang, JS).
Preferred Qualifications:

• Experience with automation, big data and relational databases.

• Contributions to the privacy or security community through research, publications, or participation in bug bounty programs.

• Relevant industry certifications (e.g., CIPP, CIPT, CIPM)