Offensive Security Specialist

Capgemini
1 month ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Intermediate

Job location

Tech stack

Application Programming Interfaces (APIs)
Amazon Web Services
Software System Penetration Testing
Microsoft Azure
Bash Shell
Burp Suite
Computer Security
Python (Programming Language)
Windows PowerShell
Software Vulnerability Management
Scripting
Google Cloud
Kubernetes
Metasploit
Nessus
Qualys
Vulnerability Analysis

Job description

As a Cybersecurity Offensive Specialist at Capgemini, you'll play a critical role in strengthening our clients' security posture by proactively uncovering and exploiting weaknesses in their systems. You'll join a collaborative team of offensive and defensive experts-sharing insights with incident responders, purple teams, and architects-to drive continuous improvement across people, processes, and technology., * Proactive Security Assessments

  • Identify, analyze and prioritize vulnerabilities, misconfigurations, and design gaps in networks, applications, and infrastructure.

  • Drive "security by design" improvements through clear, actionable recommendations.

  • Collaboration & Knowledge Sharing

  • Work closely with incident response, SOC, and purple-team colleagues to translate offensive findings into enhanced detection and remediation strategies.

  • Present technical findings and remediation roadmaps to both technical teams and executive stakeholders.

Key Activities

  1. Vulnerability Assessment Specialist
  • Configure and run automated scans (e.g. Nessus, Tenable.io) against target environments.
  • Manually validate scan results, triage false positives, and assess business impact.
  • Produce detailed assessment reports and present findings to clients.
  • Contribute to purple-team exercises to validate detection and prevention controls.
  1. Penetration Testing Specialist
  • Plan and execute scoped pentests-both manual and tool-driven (e.g. Burp Suite, Metasploit, Cobalt Strike).
  • Exploit identified weaknesses to validate risk, then propose realistic remediation steps.
  • Evaluate the maturity of existing security controls and vulnerability management processes.
  • Deliver comprehensive engagement reports and debrief sessions with client teams.
  1. Red Teaming Specialist
  • Design and run multi-phased red-team exercises emulating advanced persistent threat tactics, techniques, and procedures.
  • Employ stealthy evasion and privilege-escalation methods to demonstrate worst-case impact.
  • Evaluate and challenge blue-team detection, response playbooks, and incident handling capabilities.
  • Lead post-exercise "lessons learned" workshops and help harden defenses.

Requirements

  • Core Expertise

  • 3+ years hands-on experience in one or more offensive disciplines.

  • Proven ability to translate technical findings into business-oriented risk narratives.

  • Excellent written and verbal communication skills.

  • Vulnerability Assessment

  • Mastery of vulnerability scanning platforms (e.g. Nessus, Rapid7, Qualys).

  • Penetration Testing

  • Deep familiarity with web, network, and API pentesting toolchains (Burp Suite, Cobalt Strike, Metasploit).

  • Red Teaming

  • Advanced skills in adversary emulation, covert C2, stealthy payload delivery, and lateral movement.

Additional Skills :

  • Industry certifications such as OSCP, OSCE, CRTO, or GXPN.
  • Scripting proficiency (Python, PowerShell, Bash) for automation and custom tooling.
  • Experience testing cloud and container environments (AWS, Azure, GCP, Kubernetes).
  • Prior work in regulated sectors (finance, healthcare, government)

Apply for this position