Entry Level Offensive Security Engineer Jobs (NOW HIRING)

Job Summary:
The Cybersecurity and Infrastructure Security Agency is responsible for protecting the nation's critical infrastructure from cyber threats. They are seeking an Offensive Cybersecurity Operator to plan and execute offensive security engagements, emulating real adversary tactics against federal and critical infrastructure partners, and to brief leadership on remediation priorities.
Responsibilities:
• Lead full-lifecycle red team and penetration-test engagements against federal enterprise networks, cloud tenants (AWS / Azure / GCP), containerized and serverless workloads, web applications, and CI/CD pipelines - owning scoping, rules of engagement, operator tasking, deconfliction, and final reporting.
• Emulate real-world threat actors - design and run ATT&CK-aligned operations that chain initial access, identity/IAM abuse, privilege escalation, and lateral movement to reach crown-jewel systems, then prove impact without causing harm.
• Build and operate offensive infrastructure as code - stand up and tear down C2, redirectors, phishing, and lab/range environments repeatably with Terraform, Ansible, or comparable tooling, with disciplined OPSEC.
• Develop and extend offensive tooling - custom payloads, C2 profiles, exploit adaptations, and AI/LLM-augmented recon, code-review, and triage workflows - and feed that tradecraft back into team capability.
• Run continuous external attack-surface testing - automate discovery and assessment of internet-facing assets, set severity rubrics, and track exposure reduction across the agencies you support.
• Assess emerging attack surface - infrastructure-as-code and pipeline supply chains, SaaS/identity-provider federation, and AI/ML-integrated applications (prompt injection, model abuse, data-exfil paths).
• Partner with threat intelligence and detection engineering - turn current adversary reporting into testable TTPs, and work purple-team to validate and harden defensive coverage after every operation.
• Brief the people who can act - deliver attack narratives and prioritized, concrete remediation to system owners and senior executives in mission-impact terms; mentor operators and set tradecraft, automation, and OPSEC standards for the team.
Qualifications:
Required:
• You must be a U.S. citizen.
• Selective Service - Males born after 12/31/59 must be registered or exempt from Selective Service.
• All Federal employees are required to participate in Direct Deposit/Electronic Funds Transfer for salary payments.
• DHS uses E-Verify, an Internet-based system, to confirm the eligibility of all newly hired employees to work in the United States.
• You must be able to obtain and maintain a security clearance suitable for Federal employment as determined by a background investigation.
• One-year probationary period may be required.
• This position may be designated as essential personnel.
• This position has been identified as a drug testing designated position (TDP) for purposes of the CISA's Drug-Free Workplace Program.
• Experience must be Information Technology (IT)-related; the experience may be demonstrated by paid or unpaid experience and/or completion of specific, intensive training (for example, IT certification), as appropriate.
• You must have IT-related experience demonstrating each of the 9 competencies listed below: Attention to Detail, Customer Service, Decision Making, Information Management, Interpersonal Skills, Oral Communication, Problem Solving, Teamwork, Technical Competence.
• In addition to meeting the qualification requirement listed above, you must have at least one year of specialized experience at the next lower GS-grade level (or equivalent).
• You qualify at the GS-13 grade level if you have at least one (1) year of specialized experience at the GS-12 grade level (or equivalent) performing at least three of the specified duties.
• You qualify at the GS-14 grade level if you have at least one (1) year of specialized experience at the GS-13 grade level (or equivalent) performing at least three of the specified duties.
Company:
Cybersecurity and Infrastructure Security Agency protects the resilience of the nation's physical and cyberinfrastructure. Founded in 2007, the company is headquartered in Washington, USA, with a team of 1001-5000 employees. The company is currently Late Stage.