hackajob
Offensive Security Engineer

How your CV stacks up
Upload your CV to see how well it fits this job role
?%
hackajob is collaborating with Sporty Group to connect them with exceptional professionals for this role.
About The Role
Mission Strengthen Sporty’s offensive security posture by proactively testing and identifying vulnerabilities across our external perimeter, standalone virtual private servers (VPS), physical office infrastructure, and endpoint defenses. The Offensive Security Engineer owns the security testing, continuous perimeter monitoring, and reconnaissance across all Sporty Group external domains, websites, public IP blocks, and DNS configurations. This role works closely with IT, Network Engineering, SOC, and Security teams to convert external discovery, adversary emulation on EDR/XDR systems, and exploitation insights into tuned perimeter controls, firewall rules, and robust defensive guardrails.
What you'll be doing
- Monitor, map, and test Sporty’s entire external attack surface, including all Sporty Group external domains, subdomains, websites, and public IP addresses.
- Conduct adversary emulation exercises against internal and office endpoints to validate the effectiveness of EDR, XDR, and SOC monitoring platforms.
- Evaluate the security posture of physical office hardware, corporate network equipment, and internal edge infrastructure.
- Perform scoped offensive testing on external-facing web applications and limited, public-facing API endpoints.
- Translate external discovery, DNS security posture, network access control weaknesses, and EDR emulation findings into repeatable defensive checks.
- Support our Purple Team validate that EDR policies, perimeter controls, firewall rules, and network segmentation work as expected.
- Document multi-stage network or system exploitation chains to provide practical, reproducible remediation blueprints for infrastructure and SOC teams.
- Support IT and Network analysts with clear vulnerability descriptions, triage steps, severity logic, and escalation guidance.
- Improve external asset tracking, perimeter health records, and exposure trend mapping.
- Track external vulnerability gaps, emulation success rates, remediation times, asset health, and perimeter exposure.
Reasons to use Rodeo
I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?
Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.
Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.
Start with a chat, not a search bar
Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.
Graduate Consultant — 2026 Scheme
Why you're a good match
StrongYour economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.
See breakdownIt searches the market for you
Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.
Why you're a good match
You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.
Experience fit
Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.
Only hits
No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.
What You'll Bring
- Experience in offensive security, perimeter penetration testing, network security assessments, or adversary emulation.
- Strong understanding of external asset discovery, DNS configuration vulnerabilities, and public IP network routing.
- Practical experience auditing and testing Linux and Windows environments and underlying network services.
- Ability to perform adversary emulation and bypass techniques against modern EDR/XDR solutions.
- Familiarity with testing physical office network hardware, routers, switches, firewalls, and workplace IT systems.
- Ability to turn external exposures and technical network risks into clear, actionable fixes for IT and Security teams.
- Experience with core web vulnerabilities and limited, scoped testing of modern API interfaces.
- Strong scripting ability in Python, PowerShell, Bash, or similar to automate perimeter mapping, emulation workflows, and asset discovery.
- Good understanding of scanning, reconnaissance, and interception tools.
- Strong documentation skills.


Get help with your application
Your very own career expert that helps elevate your application to the next level.
Technology Expertise
Any of the following: Kali Linux toolset, Nmap, Shodan, Censys, Masscan, Amass, Dig/DNS testing tools, Wireshark, Burp Suite, OWASP ZAP, Microsoft Defender XDR, CrowdStrike Falcon, SentinelOne, Atomic Red Team, Caldera, Python, PowerShell, Bash, VPS environments (Linux/Windows Server OS), Firewalls, Routers, Git, Jira, Confluence
What's in it for you
- Sporty is a remote-first company in pursuit of sustainability
- A competitive salary plus individual performance-based bonuses every quarter
- 28 days paid annual leave
- Core working hours of 10am-3pm in your local time zone, with flexibility outside of these hours
- Referral bonuses and flash bonuses
- Top-of-the-line equipment
- Annual company retreats that provide opportunities to connect and collaborate with colleagues from around the world
Interview Process
- Remote video screening with our Talent Acquisition Team
- Online assessment via Hackerrank
- Remote video interview with Team Members (60 Mins)
- Final discussion with the hiring manager (60 mins)
If you're interested, we encourage you to apply. Every application is reviewed by a member of our team, and we aim to respond within 48 hours.
“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”
Jessica, London
Skills
Location