Job Summary:
Shamrock Trading Corporation is a family of brands serving the transportation and logistics industries since 1986. They are seeking a Senior Security Engineer to simulate real-world adversaries and identify high-impact vulnerabilities across enterprise and cloud environments, focusing on penetration testing and improving detection and response capabilities.
Responsibilities:
• Plan and execute advanced red team engagements across enterprise environments.
• Emulate real-world threat actors using MITRE ATT&CK-aligned techniques.
• Chain vulnerabilities into realistic attack paths with business impact.
• Simulate multi-stage attacks to evaluate organizational resilience.
• Conduct penetration testing across: Web applications and APIs, cloud environments (IAM abuse, misconfigurations), identity systems (Active Directory / Entra ID) and internal networks and endpoints
• Identify and exploit vulnerabilities to demonstrate real-world risk.
• Perform lateral movement, persistence, and privilege escalation activities.
• Test and bypass security controls and detection mechanisms.
• Operate and customize command-and-control (C2) frameworks: Cobalt Strike, Sliver, Mythic, or equivalent
• Develop scripts, payloads, and tooling to support operations.
• Validate cloud security posture controls through adversarial techniques.
• Exploit identity misconfigurations, exposed credentials, and privilege escalation paths.
• Assess real-world impact of cloud exposure risks.
• Partner with SOC and blue teams to conduct purple team exercises.
• Help improve detection rules, alert quality, and response capabilities.
• Provide insight into attacker techniques to enhance defensive strategies.
• Deliver clear, actionable reports with: Risk-prioritized findings, attack path analysis, and practical remediation guidance
• Translate technical findings into business-relevant risk insights.
Qualifications:
Required:
• 6-8+ years in offensive security, penetration testing, or red teaming
• Proven experience executing full-scope red team engagements
• Strong expertise in: Exploitation (web, network, identity systems), post-exploitation and lateral movement and privilege escalation techniques
• Experience with C2 frameworks and evasion techniques
• Deep understanding of MITRE ATT&CK framework
• Strong scripting or programming skills (Python, PowerShell, C#, etc.)
Preferred:
• Experience with cloud penetration testing (AWS, Azure, GCP)
• Background in exploit development or custom tooling
• Certifications such as OSCP, OSEP, CRTO, OSCE
Company:
Shamrock Trading Corporation is the parent company for a family of brands in transportation services, finance and technology. Founded in 1986, the company is headquartered in Overland Park, USA, with a team of 1001-5000 employees. The company is currently Late Stage.