Open Source Intelligence Jobs in Madison, WI (NOW HIRING)

Nelnet is a diversified and innovative company committed to enriching lives through the power of service as a student loan servicer, professional services company, consumer loan originator and servicer, payments processor, renewable energy solutions, and K-12 and higher education expert. For over 40 years, Nelnet has been serving its customers, associates, and communities.

The perks of working at Nelnet go beyond our benefits package. When you join the Nelnet team, you're part of a community invested in the success of each individual. That support comes through in our work, as we are united by our mission of creating opportunities for people where they live, learn, and work.

Nelnet's Senior Red Teamers are responsible for planning and executing full-scope offensive security engagements that simulate advanced persistent threats against the enterprise. This role encompasses end-to-end red team engagement lifecycle ownership, custom tooling development, and the advancement of internal TTPs to reflect the current threat landscape. The Senior Red Teamer serves as a technical authority within the Offensive Operations team, providing mentorship and technical guidance to junior practitioners and contributing to the maturation of the Red Team program. This is an individual contributor role with technical leadership responsibilities; it does not include direct reports or people management.Job Description

• Own and contribute to the full lifecycle of red team engagements - including scoping, rules of engagement definition, threat modeling, operational planning, execution, deconfliction, and post-engagement reporting - across external network, assumed breach, and purple team scenarios. Ensure engagements are structured, documented, and executed in alignment with program standards and organizational risk appetite
• Conduct advanced penetration testing and adversary simulation across all technical and physical attack surfaces, including web applications, APIs, servers, network infrastructure, cloud environments (IaaS, SaaS, PaaS), Windows Active Directory, mobile applications, and physical access controls. Apply real-world attacker techniques and scenario-based targeting to maximize engagement fidelity and operational value.
• Develop and maintain custom offensive tooling, exploits, payloads, and evasion techniques to support engagements and reduce reliance on commodity or signature-based tooling. Maintain awareness of current defensive countermeasures and adapt tooling accordingly to reflect realistic threat actor behavior.
• Research and operationalize current and emerging threat actor TTPs, tracking adversary tradecraft across open-source intelligence, threat reports, and industry research. Translate findings into engagement scenarios, attack chains, and internal playbooks that reflect the threat landscape relevant to Nelnet's business and industry.
• Provide technical mentorship and guidance to junior red team practitioners - including work review, knowledge transfer, and participation in internal training, documentation, and skills development initiatives. Contribute to team capability growth through consistent, structured technical engagements with less senior staff.
• Collaborate with blue team, SOC, and defensive stakeholders to validate detection and response capabilities, support purple team exercises, and deliver actionable feedback on detection gaps, alert fidelity, and defensive control effectiveness. Approach these engagements with a shared-outcome mindset that improves the organization's overall security posture.
• Author technically rigorous, well-structured reports that document engagement objectives, methodology, findings, attack paths, and evidence, with clear risk ratings and prioritized remediation guidance. Produce executive-level summaries that convey security risk in business-relevant terms without sacrificing technical accuracy.
• Contribute to the development and ongoing refinement of red team program materials - including engagement frameworks, methodology documentation, internal playbooks, and capability roadmaps - to support program maturity, consistency, and scalability over time.
• Prepare and deliver briefings on red team findings and program activity, and security risk to technical leads, security leadership, and executive stakeholders as appropriate. Communicate complex offensive security concepts clearly and with appropriate context for each audience.

Education

Knowledge equivalent to the completion of a Bachelor's degree in Computer Science, Information Security, or a related field of study - or equivalent demonstrated professional experience.

Experience

• 5-8 years of hands-on experience in a penetration testing or red team role, or equivalent offensive security experience

• Demonstrated experience leading red team engagements across multiple domains (network, cloud, Active Directory, web applications, physical)

• Demonstrated experience developing custom offensive tooling, scripts, or capabilities (PowerShell, Python, C/C++, C#, Bash, or similar)

• Demonstrated experience operating and customizing command and control (C2) frameworks (e.g., Cobalt Strike, Havoc, Sliver, or equivalent)

• Experience communicating risk clearly and effectively to both engineering teams and non-technical management

• Experience producing high-quality technical and executive-level written reports

• Active industry certifications required; advanced offensive security certifications preferred (OSCP, OSED, CRTO, CRTE, or equivalent)

Competencies - Skills / Knowledge / AbilitiesNeeds:

• Deep expertise in penetration testing methodologies across all relevant domains: web applications, APIs, network infrastructure, cloud environments, and Windows Active Directory

• Deep expertise with offensive security tooling across the same domains; ability to extend, modify, or replace tools as operational requirements demand

• Demonstrated experience with command and control frameworks - deployment, customization, and operational use

• Demonstrated knowledge of the MITRE ATT&CK framework and the ability to map engagement activity to current threat actor methodologies

• Demonstrated experience developing attack plans for varied red team scenarios, including external network, assumed breach, and purple team exercises

• Demonstrated experience with EDR, firewall, IDS/IPS, and AV evasion techniques

• Working knowledge of cyber defense capabilities, SOC workflows, and detection logic; ability to evaluate and challenge existing detection coverage

• Knowledge of indicators of compromise associated with common offensive tools and techniques

• Proficiency in scripting and development (PowerShell, Python, Bash, C/C++, C#, or equivalent) with the ability to produce functional, operationally relevant code

• Familiarity with vulnerability classification frameworks (e.g., CVSS, OWASP Top 10, CVE)

• Solid understanding of infrastructure deployment and systems administration in both on-premises and cloud environments

• Solid understanding of Windows Active Directory architecture and associated attack paths (e.g., Kerberoasting, ACL abuse, lateral movement)

• Solid understanding of Linux operating systems and common exploitation techniques

• Familiarity with IT regulatory frameworks and compliance requirements as they apply to offensive testing scope and rules of engagement

• Strong organizational, written, verbal, and presentation skills; ability to tailor communication style to audience

• Ability to assess and communicate risk at appropriate levels of urgency to both technical teams and leadership

• Demonstrated ability to operate independently, manage engagement timelines, and deliver results without close supervision

Wants:

• Experience with reverse engineering methodologies and tools (e.g., Ghidra, IDA, x64dbg)

• Familiarity with forensic methodologies and tools as applied to post-engagement analysis or adversary simulation fidelity

• Experience contributing to or publishing offensive security research, tooling, or tradecraft (internal or external)

• Experience designing or contributing to red team program development - playbooks, engagement frameworks, metrics, or capability roadmaps

• Prior experience in a formal mentorship or technical lead capacity within a security team

Pay range for this role is: $110-160k
Please note that we are unable to provide visa sponsorship for this position. To be considered, candidates must already be authorized to work in the United States without the need for current or future sponsorship.

Our benefits package includes medical, dental, vision, HSA and FSA, generous earned time off, 401K/student loan repayment, life insurance & AD&D insurance, employee assistance program, employee stock purchase program, tuition reimbursement, performance-based incentive pay, short- and long-term disability, and a robust wellness program. Click here to learn more about our benefits: LINK.

Nelnet is committed to providing a welcoming and respectful workplace where all associates have the opportunity to succeed. As an Equal Opportunity Employer, we ensure that all qualified applicants are considered for employment. Employment decisions are made without regard to race, color, religion/creed, national origin, gender, sex, marital status, age, disability, use of a guide dog or service animal, sexual orientation, military/veteran status, or any other status protected by federal, state, or local law. We value the unique contributions of every team member and believe that a positive work environment benefits everyone.

Qualified individuals with disabilities who require reasonable accommodations in order to apply or compete for positions at Nelnet may request such accommodations by contacting Corporate Recruiting at 402-486-5725 orcorporaterecruiting@nelnet.net.

Nelnet is a Drug Free and Tobacco Free Workplace.