As a Senior Software Engineer – Infosec Compliance, you will play a critical role in building, securing, and maintaining engineering solutions that support the organization’s global information security objectives. You will design and deploy monitoring, compliance, and threat detection capabilities that enable continuous assurance and visibility across our tech landscape. Working closely with cross-functional teams, you will ensure our security tooling, telemetry, and alerting systems are resilient, scalable, and support a proactive risk posture.
•Red Team Assessments
•Infrastructure Pentester
•At least one relevant certification (OSCP, CRTO, OSWP, OSEP, PNPT or anything similar)
•Programming, Python, etc.
Requirements
3 - 7 years’ experience in InfoSec Compliance, Red Team space or related field
Required Skills
•Execute end-to-end attack chains including reconnaissance, exploitation, lateral movement, persistence, and exfiltration.
•Conduct both internal and external attack simulations emulating realistic threat actor TTPs.
•Demonstrated experience with exploitation, privilege escalation, lateral movement, and post-exploitation techniques across Windows and Linux environments.
•Strong understanding of network protocols, authentication mechanisms, and common misconfigurations.
•Perform web application, infrastructure, and cloud-focused attacks as part of multi-vector engagements.
•Experience in utilizing C2 frameworks (e.g., Cobalt Strike, Empire, Covenant) to develop and manage covert operations.
•Design and execute attack scenarios mapped to MITRE ATT&CK techniques. Assist in maintaining and improving internal offensive toolkits and operator playbooks.
•Develop or modify scripts in Python, PowerShell, and Bash to support red team activities.
•Conduct phishing, vishing, and other engineered attacks to assess human-layer risk.
•Maintain strict operational security during engagements, including infrastructure hygiene, traffic obfuscation, and log minimization.
•Ensure engagements are executed safely, without disrupting production environments.
•Produce detailed technical reports documenting attack paths, vulnerabilities, and exploitation steps.
•Map findings to MITRE techniques and provide actionable remediation guidance.
•Participate in purple team debriefs, helping defenders understand attacker techniques and opportunities for improved detection.
•Work closely with SOC, IR, and engineering teams to validate detections and improve defensive capabilities.
•Support the development of detection use cases, logging improvements, and response playbooks.
•Proven ability to think creatively and simulate attacker mindset.
•Ability to operate discreetly and ethically under strict confidentiality controls.
•Provide training and delegate tasks to lower-level security engineers.
•Excellent written communication and documentation skills.
•Collaborate with analysts and engineers to test, validate, and deploy fixes.
•Relevant Industry certification such as OSEP, OSWA, OSED, CRTP/CRTE, CARTP, eWPTX/eCPTX, GIAC (GPEN/GWAPT/GXPN/GCIA), Cobalt Strike Certified Operator (or vendor equivalents).
Preferred Skills
•Bachelor's degree in Cybersecurity, Computer Science, Information Assurance, Risk Management, or a related field, or equivalent practical experience.
•Active Directory attack paths (Kerberoasting/AS-REP Roasting, constrained/unconstrained delegation abuse, DCSync/DCShadow) and BloodHound path reduction.
•Practical offensive experience in Azure/Microsoft 365 (Entra ID) and/or AGCP: identity abuse, misconfigured roles/policies, workload identity takeover, OAuth app abuse, cross‑tenant risks.
•Initial access tradecraft (macro-less delivery, HTA/JS, OAuth abuse, token replay, cloud misconfig pivots).
•Building operator-grade tools in Python/Go/PowerShell beyond simple scripts (e.g., custom loaders, C2 extensions, wrappers for OPSEC-safe recon).
•Advanced web exploitation (SSRF to metadata pivot, deserialization chains, cache poisoning, template injection).
•API attack patterns (authN/authZ flaws, mass assignment, BOLA) and GraphQL nuances.
•Practical mobile or thick‑client assessment exposure.
•Understanding of blue team telemetry (Sysmon/MDE/Splunk) to plan stealthy operations; ability to propose detection use cases from offensive POV.
•Evidence handling awareness for clean artifact capture in support of post‑engagement analysis.
•Red team infra buildout: domain/fronting, redirector chains, TLS fingerprinting avoidance, staging servers, resilient DNS.
•Executive‑ready storytelling: attack path narratives, business impact translation, and remediation roadmaps with risk‑based prioritization.
•Strong visual reporting (attack flow diagrams, ATT&CK heatmaps, kill chain overlays).
•Experience leading a workstream (e.g., phishing, AD, cloud) and mentoring junior operators.
•Exposure to red team in regulated environments (PCI, SOX, HIPAA) with safe‑testing controls.
Benefits
• Be part of a globally recognized leader in the home improvement sector, committed to operational excellence and sustainability
• Opportunity to contribute to a rapidly expanding Global Technology Center (GTC) in Chennai, playing a vital role in global operations
• Exposure to diverse global technology environment and cross-functional team collaborations
• Competitive compensation package and comprehensive benefits
• Clear pathways for career advancement and continuous learning opportunities within a high-performance organization