Principal Offensive Security Engineer - Ally Financial

Key Responsibilities

• Design, plan, and execute complex penetration tests and red‑team engagements across on‑premise, cloud, and hybrid environments.
• Develop custom exploitation tools and scripts using Python and other scripting languages to uncover hidden vulnerabilities.
• Collaborate with development, infrastructure, and product teams to integrate security findings into secure design and remediation processes.
• Provide technical leadership and mentorship to junior security engineers, fostering a culture of continuous learning and improvement.
• Produce detailed technical reports and executive briefings that clearly communicate risk, impact, and recommended mitigations.

Requirements

• 10+ years of hands‑on experience in offensive security, including extensive penetration testing of web, mobile, network, and cloud platforms.
• Deep expertise in Linux environments, scripting (Python preferred), and common exploitation frameworks (e.g., Metasploit, Burp Suite).
• Proven track record of identifying and exploiting vulnerabilities in AWS, Azure, or GCP environments.
• Strong understanding of threat modeling, attack vectors, and secure development lifecycle practices.
• Relevant certifications such as OSCP, OSCE, GPEN, or equivalent are highly desirable.