Offensive Security Automation Engineer

Offensive Security Automation Engineer Position based in India, Full-time

About The Job

We are looking for an Offensive Security Automation Engineer who combines deep offensive security expertise with a builder mindset. This role is ideal for someone who enjoys designing and engineering systems that continuously test real-world attack paths, rather than performing only one-off penetration tests. You will lead the design and development of automated adversary simulation capabilities that continuously assess whether security controls can withstand realistic attacker behavior. The role requires a hands-on practitioner who can translate attacker techniques into repeatable testing workflows and build internal capabilities that validate real exploitation risk across complex environments. This is a product-centric red team role where engineering, automation, and operational security testing converge.

Key Responsibilities

Offensive Security Engineering Design and execute realistic adversary simulations that replicate tactics used by modern threat actors across infrastructure, applications, identity systems, and cloud environments. Develop repeatable attack workflows that validate whether vulnerabilities and exposures can actually be exploited in the organization’s environment. Move beyond theoretical risk by demonstrating real attack paths and potential business impact.

Security Validation Automation Architect and build an internal automated adversary simulation platform capable of running continuous security validation exercises. Convert manual offensive techniques into codified, repeatable testing modules. Implement systems that automatically verify whether security controls detect, prevent, or allow simulated attacker actions.

Exposure Validation & Attack Path Testing Validate identified exposures to determine true exploitability rather than theoretical vulnerability. Chain together multiple weaknesses to emulate end-to-end attacker workflows. Simulate post-compromise activities such as privilege escalation, lateral movement, and data access scenarios.

Product & Platform Development Take a product engineering approach to offensive security tooling. Build scalable frameworks for orchestrating attack simulations across different environments. Collaborate with engineering teams to integrate the platform into CI/CD pipelines and security monitoring systems.

Threat-Informed Testing Translate threat intelligence and adversary tradecraft into practical testing scenarios. Map attack simulations to widely used threat frameworks and attacker methodologies. Continuously expand the simulation library to reflect evolving attacker behavior.

Security Control Effectiveness Evaluate whether security tools and processes can detect, prevent, or respond to simulated attacks. Provide clear insights into gaps across detection, prevention, and response capabilities. Help security teams prioritize remediation based on validated exploitability and attack feasibility.

What We Need To See To succeed in this role, you should have: 6+ years of hands-on offensive security experience, including red teaming or advanced penetration testing. Strong experience replicating real attacker techniques across enterprise environments. Demonstrated ability to build automation frameworks for offensive security workflows. Experience validating vulnerabilities through real exploitation rather than theoretical analysis. Deep knowledge of Enterprise Active Directory / Identity Attack Techniques, Cloud Attack Vectors (AWS, GCP, Azure), Network Exploitation and Lateral Movement, Application and Infrastructure weaknesses. Proficiency in at least one scripting and development language, such as: Python, Go, Java, PowerShell, Bash

Preferred Experience Experience building offensive security platforms or internal tools used by security teams. Strong familiarity with modern attacker techniques and tradecraft. Experience translating security testing workflows into automated systems. Knowledge of threat frameworks such as MITRE ATT&CK. Experience validating security control effectiveness across: EDR/XDR, SIEM, Identity protection platforms, Cloud security controls.

What We Offer Gambit Cyber is an Equal Opportunity Employer, and we consider geographical location, experience, and performance in shaping compensation worldwide. We revisit compensation annually to ensure we recognize outstanding team members. We provide our team members with additional benefits, and we balance our programs to meet local needs and ensure fairness globally. Some of the benefits include: Annual Rewards and Recognitions Annual holiday leave Maternity & Paternity leave

About Gambit Cyber B.V. Gambit Cyber B.V. is a Netherlands-headquartered cybersecurity company that helps businesses build robust, cyber threat-informed defense through its AI-native and risk-centric Preemptive Threat Exposure Management Platform, KnightGuard. Our core leadership team has a collective experience of over 100 years in cybersecurity and has been part of various leadership positions in global multinational organizations. We are proudly backed by a strong investor portfolio, including Expeditions Fund, Bitdefender, and seasoned angel investors. Their confidence in our vision not only fuels our growth but also brings invaluable expertise and strategic support to accelerate our journey.

More