Offensive Cyber security Engineer

Sodexo Business Services (SBS) is currently looking for a self-driven Cloud & Core IT Cybersecurity Architect, to join its growing team.

A day in the life of a Offensive Cyber Security Engineer

ln the context of Sodexo’s global digital transformation and within the Global Information Cyber Security team, we are looking for an experienced Offensive Cyber Security Engineer to join our internal Security Architecture and Engineering Team. You will operate as an ethical attacker, continuously identifying, validating, and helping remediate the most critical risks across our entire environment

Your day-to-day

  • Lead and perform structured threat modeling (STRIDE, attack trees, MITRE ATT&CK mapping) for new features, products, applications and major architectural changes in collaboration with Global and Local Cloud, Digital and Data teams.
  • Design and execute sophisticated red team engagements and breach and attack simulation (BAS) campaigns, including:
    • Persistent, stealthy, long-term operations mimicking advanced persistent threat actors
    • Assume-breach scenarios starting from endpoints, cloud workloads, identities, or external attack surface.
    • Physical, social engineering, and hybrid attacks when required.
  • Continuously run automated and manual adversary emulation campaigns using tools such as Covenant, Sliver, Cobalt Strike, Caldera, Infection Monkey, Stratus Red Team, Atomic Red Team, and custom frameworks.
  • Develop and maintain custom tooling, payloads, and infrastructure to bypass modern EDR/XDR, cloud-native detections, and SIEM rules.
  • Perform in-depth post-exploitation research and lateral movement across Azure, Kubernetes, Active Directory, On-premises and SaaS environments.
  • Provide clear, actionable remediation guidance and work directly with blue team and engineering to validate fixes.
  • Contribute to the maturity of detection engineering by delivering high-quality threat intel, new detection logic, and attack playbooks.
  • Track and report on the organization’s evolving attack surface and overall crown-jewel risk exposure.
  • Mentor junior red team members and raise offensive security awareness across the company.

Requirement/Qualifications

  • BS in Computer Science or Information Security, MS in Computer Science or Information Security is preferred.
  • 5+ years of hands-on offensive security experience (red team, penetration testing, or similar)
  • Deep expertise in threat modeling methodologies and practical application in agile environments.
  • Track record of executing full-scope red team operations in Azure.
  • Experience in delivering impactful offensive security outcomes, including successful bug bounty engagements, exploit development, and contributions to broader security research (e.g., publishing advisories, developing open-source tools, or presenting at industry conferences)
  • Advanced knowledge of MITRE ATT&CK, Cyber Kill Chain, and modern adversary TTPs.
  • Strong development/scripting skills (Python, Go, PowerShell, Bash) and experience building or extending red team tooling.
  • Proficiency with industry-standard C2 frameworks (Cobalt Strike, Sliver, Covenant, etc.) and living-off-the-land techniques.
  • Solid understanding of Kubernetes, IAM, CI/CD security, and modern application architectures.  
  • Excellent for social engineering, physical breaches, and OSINT is a strong plus.
  • Relevant certifications strongly preferred: OSCP, OSCE, OSEP, CARTP CRTO, PNPT, GREM, or equivalent real-world achievements.

What you´ll need to succeed:

  • Strong interpersonal communication skills
  • ability to convince, and interact with people at all levels of the IS&T organization
  • Fluent in English, with excellent writing skills. France is a plus.

Benefits

  • Hybrid working model;
  • Flexible working hours;
  • Health & Life Insurance;
  • Attractive Meal allowance paid in Meal Card;
  • Additional Days off: extra vacation day, employee’s birthday, volunteering day;
  • More than 6000 free online courses;
  • Opportunity to grow professionally inside the Company;
  • Possibility to participate in multicultural projects;
  • Several internal activities aiming to promote our team´s wellbeing


If you want to be part of our team, please send us your resume to the email: Recruitment.SBS.Portugal@sodexo.com

Don´t forget to put on the subject the role you´re applying for.