1

Offensive Analyst Jobs (NOW HIRING)

FICO (NYSE: FICO) is a leading global analytics software company, helping businesses in 100 ... The Opportunity As Director of Offensive Security, you will serve as a strategic leader shaping ...

Be Seen First

Senior Penetration Tester / Offensive Security Analyst Location: Remote Contract: 6+ Months & Extendable Pay rate - $47/hr on W2/Danta Technologies payroll (OR) $55/hr on C2C Client is looking for a ...

New

Dive into exciting opportunities in Cybersecurity, IT, Data Analytics and more. Propel your career ... This position is offensive in nature and works closely with government officials and senior ...

... an offensive security engineering mindset to join us as a Senior Offensive Security Engineer ... Conduct root-cause analysis and digital forensics post-incident to reconstruct attacker timelines ...

next page

Showing results 1-20

Offensive Analyst information

See salary details

$36.5K

$97.7K

$228.5K

How much do offensive analyst jobs pay per year?

As of Jul 3, 2026, the average yearly pay for offensive analyst in the United States is $97,659.00, according to ZipRecruiter salary data. Most workers in this role earn between $55,000.00 and $111,000.00 per year, depending on experience, location, and employer.

What are some common challenges faced by Offensive Analysts when conducting penetration tests within organizations?

Offensive Analysts often encounter challenges such as limited access to systems due to strict internal controls, time constraints imposed by project schedules, and the need to maintain clear communication with stakeholders to avoid operational disruptions. Additionally, they must stay updated on the latest attack techniques and tools to effectively identify vulnerabilities while ensuring all testing activities comply with legal and ethical guidelines. Collaborating closely with IT and security teams is essential to interpret test results and recommend actionable remediation steps.

What is the difference between Offensive Analyst vs Defensive Analyst?

AspectOffensive AnalystDefensive Analyst
CredentialsTypically requires cybersecurity certifications like OSCP, CEH, or GIAC certificationsSimilar certifications such as CISSP, GIAC certifications, or CEH are common
Work EnvironmentEngages in proactive testing, penetration testing, and simulating attacks to identify vulnerabilitiesFocuses on monitoring, threat detection, and defending against cyber threats
Employer & Industry UsageUsed by cybersecurity firms, IT departments, and government agencies to identify security gapsCommonly employed in security operations centers (SOCs) and enterprise security teams

While both roles require cybersecurity knowledge and certifications, Offensive Analysts focus on simulating attacks to find vulnerabilities, whereas Defensive Analysts work to detect and prevent cyber threats. Both are essential for comprehensive cybersecurity strategies.

What is an Offensive Analyst?

An Offensive Analyst is a member of a football coaching staff who specializes in analyzing the team's offensive strategies and the opponents' defenses. They break down game film, identify patterns, and provide detailed reports to help coaches and players improve performance. Offensive Analysts often assist in game planning, scout upcoming opponents, and suggest tactical adjustments. While they typically do not coach players directly during games, their behind-the-scenes work is vital for a team's offensive success.

What are the key skills and qualifications needed to thrive as an Offensive Analyst, and why are they important?

To thrive as an Offensive Analyst, you need a deep understanding of football strategy, offensive play design, and data analysis, often supported by experience in coaching or playing football at a high level. Familiarity with video analysis software, playbook design tools, and statistical platforms is typically required. Strong communication, attention to detail, and adaptability help in effectively conveying insights to coaching staff and adjusting to fast-paced game situations. These skills are crucial for developing effective offensive strategies that give teams a competitive edge on the field.
More about Offensive Analyst jobs
What cities are hiring for Offensive Analyst jobs? Cities with the most Offensive Analyst job openings:
What are the most commonly searched types of Offensive Analyst jobs? The most popular types of Offensive Analyst jobs are:
What states have the most Offensive Analyst jobs? States with the most job openings for Offensive Analyst jobs include:
Infographic showing various Offensive Analyst job openings in the United States as of June 2026, with employment types broken down into 93% Full Time, and 7% Part Time. Highlights an 81% Physical, 7% Hybrid, and 12% Remote job distribution, with an average salary of $97,659 per year, or $47 per hour.
Offensive Security Engineer

Offensive Security Engineer

Central Hudson

Poughkeepsie, NY • On-site

Full-time

Posted 8 days ago


Job description

Job Summary:
Central Hudson is seeking a diligent and experienced Offensive Security Engineer to join their team. This role involves conducting intelligence-led threat emulation and purple team exercises to simulate real-world adversaries and validate security controls, while partnering closely with various teams to enhance detection and response capabilities.
Responsibilities:
• Conducts targeted offensive testing activities in support of threat emulation and detection validation across networks, applications, cloud environments, and endpoints
• Executes intelligence‑driven threat emulation exercises that replicate real‑world adversaries, campaigns, and tactics, techniques, and procedures (TTPs)
• Performs vulnerability remediation testing to validate the effectiveness of fixes and compensating controls
• Maps emulated activity to MITRE ATT&CK techniques and track detection coverage and gaps
• Develops and maintains custom tools, scripts, and payloads to support testing activities
• Safely exercises adversary techniques to evaluate the effectiveness of security controls and detections
• Partners with blue team, SOC, and engineering teams to test detection and response capabilities
• Implements, maintains, and enhances red team tooling and infrastructure to support penetration testing, adversary emulation, and purple team exercises
• Leads and executes purple team exercises in close coordination with the SOC and Blue Team, sharing findings, techniques, and actionable recommendations to strengthen detection, response, and recovery capabilities
• Assists in tuning and validating security controls, alerts, analytics, and incident response playbooks based on threat emulation outcomes
• Validates security detections across SIEM, EDR, identity, and cloud platforms using repeatable and measurable testing scenarios
• Produces clear, actionable reports detailing emulated adversary behavior, detection gaps, response gaps, and prioritized remediation guidance
• Presents results to technical teams and leadership, translating technical risk into business terms
• Tracks remediation progress and re-test identified issues
• Stays current on emerging threats, adversary techniques, and offensive security tooling
• Contributes to the development of red team methodologies, frameworks, and documentation
• Supports threat intelligence–driven testing aligned with real-world attack trends
• Consumes and operationalizes threat intelligence to inform adversary selection, scenario design, and testing priorities
• Promotes and raises awareness by educating others about the importance of cybersecurity
• Builds relationships with government and local agencies to promote collaborative information sharing
• Stays updated with the latest cybersecurity trends, threats, and technologies
• Participates in on-call as needed to respond to security incidents outside of regular working hours
• Provides support for storm restoration efforts
Qualifications:
Required:
• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science or related field of study. In lieu of a bachelor’s degree, an associate degree in the aforementioned fields and 3 years of information security engineering or related experience or a high school diploma or equivalency degree and 5 years of information security engineering or related experience will be considered
• Strong knowledge of network, application, and cloud security, including operating systems (Windows and Linux)
• Working knowledge of common offensive security tools, including but not limited to: Metasploit, Cobalt Strike (or equivalents), Burp Suite, Nmap, BloodHound, and CrackMapExec
• Knowledge of vulnerability remediation testing and validating the effectiveness of security controls
• Demonstrated experience collaborating closely with SOC or Blue Team functions to improve detection and incident response maturity
• Ability to develop scripts or tools using Python, PowerShell, Bash, or C#
• Solid understanding of security operations and detection technologies, including SIEM, EDR, IDS/IPS, and endpoint protection, to support adversary‑emulation and purple‑team activities
• Familiarity with industry security frameworks and methodologies, such as: MITRE ATT&CK, NIST 800‑61 (Incident Response), SANS / CIS Critical Security Controls
• Strong analytical and problem‑solving skills with the ability to assess complex security issues
• Excellent written and verbal communication skills, including the ability to clearly document findings and communicate risk to both technical and non‑technical audiences
• Ability to work independently with minimal supervision and respond professionally to constructive feedback
• Ability to work nights, weekends, holidays during a critical cyber incident or event
• Valid driver’s license
Preferred:
• 3+ years of hands-on experience performing offensive security activities such as penetration testing, detection validation, adversary emulation, red teaming, or exploitation of applications, networks, and cloud environments
• Familiarity with evaluating security controls and risk exposure through an attacker’s lens, including validation of compensating controls and secure design assumptions
• Experience identifying security weaknesses through threat modeling, attack simulations, and exploitation, with the ability to translate findings into actionable remediation guidance
• Experience in Energy & Utilities or services industry
• Relevant certifications such CISSP, CEH, GPEN, GCIH, OSCP, OSWE, or similar offensive security focused credentials
Company:
Central Hudson Gas & Electric Corporation is a regulated transmission and distribution utility serving approximately 300,000 electric customers and 80,000 natural gas customers in New York State’s Mid-Hudson Valley. Founded in 1900, the company is headquartered in Poughkeepsie, USA, with a team of 501-1000 employees. The company is currently Late Stage.