Note: The job is a remote job and is open to candidates in USA. Procter & Gamble is a global leader in consumer goods, seeking a Senior Offensive Security Engineer for their Information Security Protect organization. This role involves leading red team operations to simulate cyber threats and improve security measures across their enterprise systems.
Responsibilities
• Lead end-to-end red team operations aligned to priority threat actors: scenario design, ROE, pre-briefs, execution, and hot-wash/AAR
• Support purple-team engagements with DFIR/SOC and Detection Engineering to convert TTPs into durable detections, runbooks, and response improvements with measurable outcomes
• Orchestrate assumed-breach campaigns emphasizing evasion and control bypass (EDR/AV, email/web security, identity/conditional access, network segmentation, cloud guardrails)
• Perform campaign/TTP research, develop internal PoCs/tooling (e.g., tradecraft to exercise specific controls, lightweight payloads), and steward OPSEC
• Produce executive-ready risk narratives and technical reporting (ATT&CK mapping, artifacts, evidence handling) and brief senior leadership
• Mentor junior engineers; set standards for craft quality, methodology, and safety
• Coordinate multi-party/third-party exercises; manage risk, deconflict with production, and ensure stakeholder alignment
• Contribute to operational expansion by researching, prototyping, and developing novel capabilities for offensive use
• Contribute to program maturity: metrics/KPIs, roadmap, methodology standardization, control validation cadence, and integration with vulnerability management
Skills
• BA or BS degree in Information Security, Cyber Security, Computer Science, or related field (OR 7+ years of relevant experience required in lieu of a degree)
• 3+ years running offensive or emulation operations in large/complex environments, with demonstrated impact on detections/response
• Expertise across 2+ domains: enterprise/web/mobile apps; identity; cloud (AWS/GCP/Azure); network/endpoint; IoT/OT; or directory services
• Proven ability to bypass preventative/detective controls and reach mission objectives while maintaining safety and ROE
• Strong engineering skills (Python, PowerShell, GO, C++, Web Frameworks); comfort with low-level concepts a plus) and familiarity with C2 tradecraft
• Deep command of MITRE ATT&CK and threat-informed defense; history partnering with DFIR/SOC and Detection Engineering
• Excellent executive and technical communication
• Leadership of purple-team campaigns and incident-driven emulations; closed-loop improvements with measurable KPI movement
• Building program metrics/KPIs, standardizing reporting, and integrating with risk governance
• Threat-intel integration: actor/campaign analysis, hypothesis generation, and prioritization tied to business impact
• Identity and cloud attack paths (SSO, MFA, OAuth, PAM; AWS/GCP/Azure control planes) with hardening collaboration across platform/IDAM teams
• Coordinating large third-party exercises and setting complex ROE
Benefits
• Total rewards at P&G include salary + bonus (if applicable) + benefits.
Company Overview
• P&G was founded more than 185 years ago as a soap and candle company. It was founded in 1837, and is headquartered in Cincinnati, Ohio, USA, with a workforce of 10001+ employees. Its website is https://us.pg.com/.