Offensive Security Specialist

Offensive Security Specialist Department: Offensive Security Employment Type: Full Time Location: Remote - United States Description The Offensive Security Specialist is a practicing penetration tester who independently executes client engagements across DeepSeas' core service lines. This role represents the transition from emerging practitioner to confident, self-sufficient contributor. Specialists own their engagements end-to-end within defined scope, produce client-ready deliverables without heavy oversight, and are developing the depth and breadth needed to tackle increasingly complex environments. This is the primary delivery role on the team and the foundation of the practice's capacity.

Key Responsibilities

Following are the major results needed for success in the role. Additional responsibilities, tasks and duties will be assigned and required as needed.

• Conduct internal and external network penetration tests including enumeration, exploitation, lateral movement, and post-exploitation within defined scope
• Perform web application assessments aligned to OWASP Top 10 and API security testing standards
• Conduct basic cloud security assessments (AWS, Azure, GCP) including misconfiguration identification, IAM review, and exposed services enumeration
• Support AI/LLM security assessments including prompt injection, model abuse scenarios, and OWASP LLM Top 10 coverage under senior guidance
• Produce complete, client-ready findings reports with clear technical narratives, reproduction steps, risk ratings, and remediation guidance
• Participate in client kick-off calls and debrief walkthroughs, communicating findings professionally to technical and non-technical stakeholders
• Maintain accurate engagement documentation, time tracking, and artifact organization in project management systems
• Pursue continuous development through assigned training, lab environments, and certification advancement
• May be required to travel up to 50% of the time.
• Must be a US Citizen.

Experience, Education and Skills Required

• 1–3 years of professional penetration testing or applied offensive security experience; strong candidates with equivalent demonstrated skills will be considered.
• Hands-on penetration testing certification preferred. Examples include PNPT (TCM Security), OSCP (Offensive Security), CompTIA PenTest+, or eWPT/eJPT with demonstrated experience
• Proficiency with standard toolsets: Nmap, Metasploit, Burp Suite, Nessus/OpenVAS, BloodHound, or equivalents.
• Solid understanding of networking fundamentals (TCP/IP, DNS, HTTP/S, AD, VPNs) and common vulnerability classes.
• Familiarity with at least one scripting language (Python, Bash, or PowerShell) for basic automation and tooling.
• Exposure to cloud platforms (AWS, Azure, or GCP) and awareness of common cloud misconfiguration patterns.
• Strong written communication with the ability to produce accurate, professional-quality findings documentation.

Why DeepSeas? At Deep Seas, we like to say that heart rates go down, careers take off, and security programs mature. Our values provide the ultimate guide for our daily behavior and decisions. Without these values, we aren’t Deep Seas. They preserve the essence of our organization, reflect the personalities of our Deeps (how we affectionately refer to our teammates), and enable us to exceed expectations. Our values are:

• We are client obsessed.
• We stand in solidarity with our teammates.
• We prioritize personal health and well-being.
• We believe in the power of diversity.
• We solve hard problems at the speed of cyber.

This is your chance to join a supportive crew of teammates and an industry-leading organization that values opportunities for growth. If DeepSeas sounds like a good fit for you, send us your resume and let’s talk! Information security is everyone’s responsibility:

• Understanding and following DeepSeas’s information security policies and procedures.
• Remaining vigilant and reporting any suspicious activity or possible weaknesses in DeepSeas’s information security.
• Actively participating in DeepSeas’s efforts to maintain and improve information security.
• DeepSeas considers this position is as Moderate Risk with a potential to view/access/download restricted/private client/internal data.
• This information must be treated with sensitivity and in the most secure manner.
• HR reserves the right to perform random background/drug screens to ensure the safety of client/DeepSeas data