1

Freelance Offensive Security Engineer Jobs (NOW HIRING)

As an Offensive Security Engineer, you will own external attack surface testing, reconnaissance activities, and adversary emulation initiatives to improve security resilience. You will work closely ...

New

Who We Are Looking For We are looking for an Offensive Security Engineer who operates with clear ownership. You're not just filling a seat. You're setting the standard. You believe great execution ...

As an Offensive Security Engineer, you will lead efforts to identify and mitigate security risks, perform penetration testing, and guide engineering teams on secure design and best practices.

As an Offensive Security Engineer, you will lead efforts to identify and mitigate security risks, perform penetration testing, and provide guidance on secure design practices while contributing to ...

Senior Offensive Security Engineer

San Francisco, CA · On-site

$134K - $185K/yr

They are seeking a Senior Offensive Security Engineer to lead their Offensive Security program, focusing on identifying security issues through proactive attacks on services, applications, and ...

Offensive Security Engineer

Seattle, WA · Remote

$150K - $200K/yr

As an Offensive Security Engineer at Staris AI, you'll be at the vanguard of the application security profession. This role goes beyond conventional application security and penetration testing; you ...

AI Offensive Security Engineer

Austin, TX · On-site

$136K - $228K/yr

Role Overview eBay seeks an AI Offensive Security Engineer to proactively identify and exploit vulnerabilities in AI/ML systems before adversaries do. This is a hands-on technical role focused on ...

Offensive Security Engineer

Sunnyvale, CA · On-site

$165K - $242K/yr

As an Offensive Security Engineer at CoreWeave, you will lead efforts to identify and mitigate security risks across internal and external systems. You'll perform penetration testing, conduct threat ...

Senior Offensive Security Engineer

OR · On-site +1

$114K - $156K/yr

Are you an experienced Senior Offensive Security Engineer that wants to work with cutting-edge cybersecurity technologies and contribute to enhancing our overall security posture? At Ivanti, we work ...

Offensive Security Engineer

Livingston, NJ · On-site

$165K - $242K/yr

As an Offensive Security Engineer at CoreWeave, you will lead efforts to identify and mitigate security risks across internal and external systems. You'll perform penetration testing, conduct threat ...

Senior Offensive Security Engineer

$117K - $160K/yr

Are you an experienced Senior Offensive Security Engineer that wants to work with cutting-edge cybersecurity technologies and contribute to enhancing our overall security posture? At Ivanti, we work ...

next page

Showing results 1-20

Freelance Offensive Security Engineer information

See salary details

$14

$47

$132

How much do freelance offensive security engineer jobs pay per hour?

As of Jul 10, 2026, the average hourly pay for freelance offensive security engineer in the United States is $47.71, according to ZipRecruiter salary data. Most workers in this role earn between $24.28 and $61.78 per hour, depending on experience, location, and employer.

What are the key skills and qualifications needed to thrive as a Freelance Offensive Security Engineer, and why are they important?

To thrive as a Freelance Offensive Security Engineer, you need deep expertise in penetration testing, vulnerability assessment, and cybersecurity best practices, often backed by certifications like OSCP or CEH. Familiarity with tools such as Metasploit, Burp Suite, Nmap, and scripting languages like Python is typically required. Strong problem-solving skills, self-motivation, and effective client communication set standout professionals apart in this field. These competencies are crucial for identifying and mitigating security risks while maintaining client trust and delivering high-value security assessments.

What are some common challenges faced by Freelance Offensive Security Engineers when working with multiple clients?

Freelance Offensive Security Engineers often juggle multiple projects for different clients, which can make time management and prioritization challenging. Each client may have unique security requirements, varying network environments, and distinct expectations for deliverables. Additionally, staying updated on the latest vulnerabilities and attack techniques is crucial, as clients rely on your expertise for thorough assessments. Clear communication and diligent documentation are essential to ensure that findings and recommendations are understood and actionable for each client.

What are Freelance Offensive Security Engineers?

Freelance Offensive Security Engineers are independent cybersecurity professionals who specialize in identifying and exploiting vulnerabilities within computer systems, networks, and applications. They are hired by organizations on a contract basis to conduct penetration testing, red teaming, and security assessments to help improve the organization's defenses. Unlike in-house employees, freelancers work for multiple clients and often bring a diverse range of experience from different industries. Their primary goal is to simulate real-world attacks and provide detailed reports with recommendations to enhance security posture.

What is the difference between Freelance Offensive Security Engineer vs Penetration Tester?

AspectFreelance Offensive Security EngineerPenetration Tester
CertificationsOSCP, CEH, OSWEOSCP, CEH, GPEN
Work EnvironmentProject-based, remote or on-site, client-specificTypically consulting, testing environments, often on-site or remote
Employer/Industry UsageFreelance, cybersecurity firms, consultingSecurity firms, internal security teams, consulting

Freelance Offensive Security Engineers and Penetration Testers both focus on identifying security vulnerabilities. However, Freelance Offensive Security Engineers often work on broader offensive security projects, including red teaming and security architecture, while Penetration Testers primarily conduct targeted vulnerability assessments. The roles overlap but differ in scope and depth of engagement.

More about Freelance Offensive Security Engineer jobs
What cities are hiring for Freelance Offensive Security Engineer jobs? Cities with the most Freelance Offensive Security Engineer job openings:
What are the most commonly searched types of Offensive Security Engineer jobs? The most popular types of Offensive Security Engineer jobs are:
What states have the most Freelance Offensive Security Engineer jobs? States with the most job openings for Freelance Offensive Security Engineer jobs include:
What job categories do people searching Freelance Offensive Security Engineer jobs look for? The top searched job categories for Freelance Offensive Security Engineer jobs are:
Infographic showing various Freelance Offensive Security Engineer job openings in the United States as of July 2026, with employment types broken down into 95% Full Time, 2% Part Time, and 3% Contract. Highlights an 87% Physical, 4% Hybrid, and 9% Remote job distribution, with an average salary of $99,230 per year, or $47.7 per hour.

Full-time

Medical, Dental, Vision, Life, Retirement, PTO

Posted 14 days ago


Job description

Benefits:

  • Competitive compensation

  • Medical, dental, and vision insurance

  • 401(k) retirement savings plan with substantial company match

  • Life and travel insurance

  • Tuition assistance

  • Wellness reimbursement program

  • Paid holidays and vacation

What is an Offensive Security Engineer?

We are seeking a diligent and experienced Offensive Security Engineer to join our team. In this role, you will be working within a group of highly motivated Information Technology and Cybersecurity professionals committed to keeping Central Hudson safe. The Offensive Security Engineer is responsible for conducting intelligenceled threat emulation and purple team exercises to simulate realworld adversaries, validate detection and response capabilities, and identify security control gaps. This role partners closely with the SOC, threat intelligence, detection engineering, and infrastructure teams to continuously validate detections, assess control effectiveness, and drive measurable improvements across the detectiontoremediation lifecycle. The ideal candidate has a strong understanding of modern security principles, offensive security techniques, and attacker methodologies, along with excellent analytical skills and the ability to clearly communicate technical findings and risk to both technical and nontechnical stakeholders.

What does an Offensive Security Engineer do?

  • Conducts targeted offensive testing activities in support of threat emulation and detection validation across networks, applications, cloud environments, and endpoints

  • Executes intelligencedriven threat emulation exercises that replicate realworld adversaries, campaigns, and tactics, techniques, and procedures (TTPs)

  • Performs vulnerability remediation testing to validate the effectiveness of fixes and compensating controls

  • Maps emulated activity to MITRE ATT&CK techniques and track detection coverage and gaps

  • Develops and maintains custom tools, scripts, and payloads to support testing activities

  • Safely exercises adversary techniques to evaluate the effectiveness of security controls and detections

  • Partners with blue team, SOC, and engineering teams to test detection and response capabilities

  • Implements, maintains, and enhances red team tooling and infrastructure to support penetration testing, adversary emulation, and purple team exercises

  • Leads and executes purple team exercises in close coordination with the SOC and Blue Team, sharing findings, techniques, and actionable recommendations to strengthen detection, response, and recovery capabilities

  • Assists in tuning and validating security controls, alerts, analytics, and incident response playbooks based on threat emulation outcomes

  • Validates security detections across SIEM, EDR, identity, and cloud platforms using repeatable and measurable testing scenarios

  • Produces clear, actionable reports detailing emulated adversary behavior, detection gaps, response gaps, and prioritized remediation guidance

  • Presents results to technical teams and leadership, translating technical risk into business terms

  • Tracks remediation progress and re-test identified issues

  • Stays current on emerging threats, adversary techniques, and offensive security tooling

  • Contributes to the development of red team methodologies, frameworks, and documentation

  • Supports threat intelligence-driven testing aligned with real-world attack trends

  • Consumes and operationalizes threat intelligence to inform adversary selection, scenario design, and testing priorities

  • Promotes and raises awareness by educating others about the importance of cybersecurity

  • Builds relationships with government and local agencies to promote collaborative information sharing

  • Stays updated with the latest cybersecurity trends, threats, and technologies

  • Participates in on-call as needed to respond to security incidents outside of regular working hours

  • Provides support for storm restoration efforts

What does it take to be an Offensive Security Engineer?

Required:

  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science or related field of study. In lieu of a bachelor's degree, an associate degree in the aforementioned fields and 3 years of information security engineering or related experience or a high school diploma or equivalency degree and 5 years of information security engineering or related experience will be considered

  • Strong knowledge of network, application, and cloud security, including operating systems (Windows and Linux)

  • Working knowledge of common offensive security tools, including but not limited to:

    • Metasploit, Cobalt Strike (or equivalents), Burp Suite, Nmap, BloodHound, and CrackMapExec

  • Knowledge of vulnerability remediation testing and validating the effectiveness of security controls

  • Demonstrated experience collaborating closely with SOC or Blue Team functions to improve detection and incident response maturity

  • Ability to develop scripts or tools using Python, PowerShell, Bash, or C#

  • Solid understanding of security operations and detection technologies, including SIEM, EDR, IDS/IPS, and endpoint protection, to support adversaryemulation and purpleteam activities

  • Familiarity with industry security frameworks and methodologies, such as:

    • MITRE ATT&CK

    • NIST 80061 (Incident Response)

    • SANS / CIS Critical Security Controls

  • Strong analytical and problemsolving skills with the ability to assess complex security issues

  • Excellent written and verbal communication skills, including the ability to clearly document findings and communicate risk to both technical and nontechnical audiences

  • Ability to work independently with minimal supervision and respond professionally to constructive feedback

  • Ability to work nights, weekends, holidays during a critical cyber incident or event

  • Valid driver's license

Preferred:

  • 3+ years of hands-on experience performing offensive security activities such as penetration testing, detection validation, adversary emulation, red teaming, or exploitation of applications, networks, and cloud environments

  • Familiarity with evaluating security controls and risk exposure through an attacker's lens, including validation of compensating controls and secure design assumptions

  • Experience identifying security weaknesses through threat modeling, attack simulations, and exploitation, with the ability to translate findings into actionable remediation guidance

  • Experience in Energy & Utilities or services industry

  • Relevant certifications such CISSP, CEH, GPEN, GCIH, OSCP, OSWE, or similar offensive security focused credentials

Applications will be accepted until July 9, 2026.

This position has a career path which allows for advancement opportunities within the Information Security Analyst job series. The title and level are commensurate with experience. Pay range: $73,000 - $171,300

Please go to https://www.cenhud.com/employment. Click the "Search Career Opportunities" button. Follow the directions to submit an application and upload your resume for the desired position.

Applications sent via e-mail and US Mail will not be accepted. No phone calls or agencies, please. All replies will be held in strict confidence.

All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of race, creed, color, ethnicity, arrest or conviction record, religion, sex, sexual orientation, gender identity or expression, national origin, age, disability, citizenship, genetic information, familial status, marital status, pregnancy-related condition, domestic violence victim status, veteran or military status, or any other characteristic protected by federal, state or local laws. Central Hudson Gas & Electric Corporation takes affirmative action in support of its policy to employ and advance employment in individuals who are protected veterans and individuals with disabilities.

VEVRAA FEDERAL CONTRACTOR