Offensive Security Engineer

Who we are?

We are AB InBev, a Global leading brewer and one of the largest consumer goods company in the world. We are proud owners of brands like Budweiser, Corona, Stella Artois, and other 500 local and regional brands. With 180,000 employees passionate about beer and operating in over 50 markets, our brands are sold in more than 150 countries worldwide.

Join our team to provide Cyber Security solutions to AB InBev. We are looking for an Offensive Security Engineer.

Who are we looking for?

We’re looking for a versatile, highly skilled Red Teamer with a passion for offensive security. Your mission: outsmart adversaries, simulate real-world threats, and help us protect what matters most. If reaching the Crown Jewels feels like victory - we want you on our team!

Responsibilities:

• Plan and execute Red Team engagements and adversary emulation campaigns across Windows, macOS, Linux, cloud, and web environments.
• Develop, test, and run exploitation chains, post-exploitation tooling, and persistence techniques.
• Conducting vulnerability assessments and security audits to evaluate the effectiveness of existing security controls.
• Maintain and operate offensive tooling and infrastructure (C2, build servers, VM images).
• Research and evaluate emerging attack techniques, defensive controls, vendor solutions, and industry best practices; produce assessments and recommendations to inform architectural and product decisions.
• Collaborate with SOC, IR, Threat Hunt and Blue Team to validate detections and tune playbooks.
• Produce clear, evidence-backed reports and executive briefings that document findings, business impact, and prioritized remediation recommendations.
• Assess the domain-specific tools needed to address business demand and requirements, producing associated estimates, documenting assumptions and resourcing requirements, and ensuring proposed solutions are aligned with relevant road maps.
• Providing training and guidance to other members of the security team.

Requirments:

• Demonstrable adversarial mindset and strong critical‑thinking/problem‑solving skills with a focus on realistic threat simulation.
• 3+ years hands‑on experience conducting Red Team operations, adversary emulation, or advanced penetration testing in enterprise environments.
• Practical experience using and administering post‑exploitation/C2 frameworks (e.g., Cobalt Strike, Sliver, Mythic) or robust homegrown tooling; comfortable developing and customizing payloads and modules.
• Experience with using, administering, and troubleshooting at least two major flavors of Windows, and Linux, including Ubuntu or RedHat.
• Experience with scripting and editing existing code and programming using one or more of the following: Perl, Python, Ruby, bash, C/C++, C#, or Java.
• Knowledge of open security testing standards and projects, including OWASP, or MITRE ATT&CK Framework.
• Experience testing and assessing cloud environments (AWS, Azure, and/or GCP) including identity, networking, serverless, and container attack paths.
• Deep, practical knowledge of Active Directory (design, authentication, delegation, Kerberos, common abuse paths and mitigations).
• Strong understanding of security methodologies and controls across identity, endpoint, network, cloud, and application layers.
• Excellent written and verbal communication skills — able to translate technical findings into clear remediation tasks and executive‑level risk summaries.
• Professionalism working in complex, diverse, and global teams; experience collaborating with SOC, IR, threat hunting, and engineering teams.

Advantage:

• Bachelor’s degree in computer science, information systems, or related field.
• Professional certifications such as OSCP/E, OSEP, GPEN, CEH, and similar.
• Familiarity with malware development, binary analysis, and reverse engineering tools (IDA, Ghidra) or developing custom post‑exploitation binaries.
• Security community participation (tool development, contributor etc. )