[Remote] Senior Offensive Security Engineer, Red Team (Remote)

Note: The job is a remote job and is open to candidates in USA. Procter & Gamble is a global leader in consumer goods, seeking a Senior Offensive Security Engineer for their Information Security Protect organization. This role involves leading red team operations to simulate cyber threats and improve security measures across their enterprise systems. Responsibilities • Lead end-to-end red team operations aligned to priority threat actors: scenario design, ROE, pre-briefs, execution, and hot-wash/AAR • Support purple-team engagements with DFIR/SOC and Detection Engineering to convert TTPs into durable detections, runbooks, and response improvements with measurable outcomes • Orchestrate assumed-breach campaigns emphasizing evasion and control bypass (EDR/AV, email/web security, identity/conditional access, network segmentation, cloud guardrails) • Perform campaign/TTP research, develop internal PoCs/tooling (e.g., tradecraft to exercise specific controls, lightweight payloads), and steward OPSEC • Produce executive-ready risk narratives and technical reporting (ATT&CK mapping, artifacts, evidence handling) and brief senior leadership • Mentor junior engineers; set standards for craft quality, methodology, and safety • Coordinate multi-party/third-party exercises; manage risk, deconflict with production, and ensure stakeholder alignment • Contribute to operational expansion by researching, prototyping, and developing novel capabilities for offensive use • Contribute to program maturity: metrics/KPIs, roadmap, methodology standardization, control validation cadence, and integration with vulnerability management Skills • BA or BS degree in Information Security, Cyber Security, Computer Science, or related field (OR 7+ years of relevant experience required in lieu of a degree) • 3+ years running offensive or emulation operations in large/complex environments, with demonstrated impact on detections/response • Expertise across 2+ domains: enterprise/web/mobile apps; identity; cloud (AWS/GCP/Azure); network/endpoint; IoT/OT; or directory services • Proven ability to bypass preventative/detective controls and reach mission objectives while maintaining safety and ROE • Strong engineering skills (Python, PowerShell, GO, C++, Web Frameworks); comfort with low-level concepts a plus) and familiarity with C2 tradecraft • Deep command of MITRE ATT&CK and threat-informed defense; history partnering with DFIR/SOC and Detection Engineering • Excellent executive and technical communication • Leadership of purple-team campaigns and incident-driven emulations; closed-loop improvements with measurable KPI movement • Building program metrics/KPIs, standardizing reporting, and integrating with risk governance • Threat-intel integration: actor/campaign analysis, hypothesis generation, and prioritization tied to business impact • Identity and cloud attack paths (SSO, MFA, OAuth, PAM; AWS/GCP/Azure control planes) with hardening collaboration across platform/IDAM teams • Coordinating large third-party exercises and setting complex ROE Benefits • Total rewards at P&G include salary + bonus (if applicable) + benefits. Company Overview • P&G was founded more than 185 years ago as a soap and candle company. It was founded in 1837, and is headquartered in Cincinnati, Ohio, USA, with a workforce of 10001+ employees. Its website is https://us.pg.com/. Apply tot his job Apply To this Job