Apply on Employer Site

AEG · 5 hours ago

Principal Penetration Testing Engineer

Los Angeles, CA

Full-time

Onsite

Lead/Staff

$180K/yr - $225K/yr

15+ years exp

AEG is a leader in transforming sports and live entertainment, and they are seeking a Principal Penetration Testing Engineer to enhance their offensive security program. This role involves architecting and executing sophisticated adversary emulation campaigns, conducting proactive threat hunting, and shaping the organization's security strategy at the highest levels.

Card and Board GamesLeisureSports

No H1B

Responsibilities

Design complex red team operations spanning weeks or months, operating covertly to test detection and response capabilities across the entire kill chain

Build and maintain sophisticated C2 infrastructure with multi-layer redirectors, domain fronting, and encrypted covert channels

Create comprehensive adversary emulation playbooks that defensive teams can use for tabletop exercises and detection validation

Develop custom tooling, exploits, and evasion techniques to bypass modern security controls (EDR, SIEM, DLP, next-gen firewalls)

Develop and refine detection engineering rules based on offensive TTPs, ensuring blue teams can identify sophisticated adversary behavior

Facilitate purple team exercises bringing red and blue teams together for collaborative security validation and continuous improvement:

Lead adversary emulation campaigns based on real threat actor TTPs, mapping all activities to MITRE ATT&CK and ensuring realistic simulation of APT groups targeting our industry

Conduct proactive threat hunting campaigns leveraging hypothesis-driven investigation, behavioral analytics, and threat intelligence

Conduct zero-day research and vulnerability discovery through fuzzing, patch analysis, and novel attack surface exploration

Test detection capabilities against realistic attack scenarios, identifying blind spots and tuning security controls for higher fidelity

Provide expert advice on eviction operations, coordinating simultaneous remediation across compromised systems while preventing adversary reinfection

Engage live adversaries in controlled scenarios to gather intelligence, understand objectives, and develop containment strategies

Serve as cyber security subject matter expert during active security incidents, applying offensive expertise to threat hunting, attack path reconstruction, and adversary prediction

Qualification

Penetration TestingAdversary EmulationIncident ResponseThreat HuntingRed Team OperationsDetection EngineeringSecurity ToolingGitCI/CD Security PracticesEvent-driven TechnologiesNOSQL DatabasesSecurity ResearchSoft Skills

Required

BS in Computer Science or 10 years full-time experience in a computer science role in lieu of a degree

15+ years in information security with at least 5 years in offensive security roles (red team, penetration testing, exploit development)

5+ years in incident response, threat hunting, or defensive security operations demonstrating deep understanding of detection and defensive capabilities

Proven track record leading complex red team engagements against Fortune 500 or similarly complex enterprise environments

Experience serving as technical subject matter expert or incident manager during active security incidents involving sophisticated adversaries

Demonstrated expertise conducting adversary emulation campaigns