OneMain Financial Jobs

Job Information

Insight Global Senior Engineer- Compliance- Red Team Specialist in Atlanta, Georgia

Job Description

Design and execute attack scenarios mapped to MITRE ATT&CK techniques

Assist in maintaining and enhancing internal offensive security toolkits and operator playbooks

Develop or modify scripts in Python, PowerShell, and Bash to support Red Team activities

Conduct phishing, vishing, and other social engineering attacks to assess human-layer risk

Maintain strict operational security during engagements, including infrastructure hygiene, traffic obfuscation, and log minimization

Ensure all engagements are executed safely without disrupting production environments

Produce detailed technical reports documenting attack paths, vulnerabilities, and exploitation techniques

Map findings to MITRE ATT&CK techniques and provide clear, actionable remediation guidance

Participate in purple team debriefs to help defensive teams understand attacker techniques and detection improvement opportunities

Collaborate closely with SOC, Incident Response, and engineering teams to validate detections and enhance defensive capabilities

Support the development of detection use cases, logging improvements, and incident response playbooks

Pay Rate will be between $10-$14 an hour depending on skills and experience.

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com. To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.

Skills and Requirements

Required Experience

4–7 years of experience in Information Security Compliance, Red Team, or a related field

Proven experience conducting Red Team assessments and infrastructure penetration testing

Hands-on experience operating within Red Team environments

Essential Skills

Ability to execute end-to-end attack chains, including reconnaissance, exploitation, lateral movement, persistence, and exfiltration

Conduct internal and external attack simulations emulating realistic threat actor TTPs

Demonstrated experience with exploitation, privilege escalation, lateral movement, and post-exploitation techniques across Windows and Linux environments

Strong understanding of network protocols, authentication mechanisms, and common security misconfigurations

Perform web application, infrastructure, and cloud-focused attacks as part of multi-vector engagements

Experience utilizing command-and-control (C2) frameworks such as Cobalt Strike, Empire, or Covenant to develop and manage covert operations

Proven ability to think creatively and simulate an attacker mindset

Ability to operate discreetly and ethically under strict confidentiality controls

Provide training and delegate tasks to lower-level security engineers

Excellent written communication and technical documentation skills

Collaborate with analysts and engineers to test, validate, and deploy remediation fixes

Desired Skills

Experience with Active Directory attack paths, including Kerberoasting, AS-REP Roasting, constrained and unconstrained delegation abuse, DCsync/DCshadow, and BloodHound path reduction

Practical offensive security experience in Azure/Microsoft 365 (Entra ID) and/or Google Cloud Platform (GCP), including identity abuse, misconfigured roles and policies, workload identity takeover, OAuth application abuse, and cross-tenant risks

Initial access tradecraft, including macro-less delivery, HTA/JavaScript techniques, OAuth abuse, token replay, and cloud misconfiguration pivots

Experience building operator-grade tools using Python, Go, or PowerShell beyond simple scripting (e.g., custom loaders, C2 extensions, OPSEC-safe reconnaissance tooling)

Advanced web exploitation techniques such as SSRF metadata pivots, deserialization chains, cache poisoning, and template injection

Knowledge of API attack patterns, including authentication and authorization flaws, mass assignment, BOLA vulnerabilities, and GraphQL nuances

Exposure to mobile application or thick-client security assessments

Understanding of blue team telemetry (e.g., Sysmon, Microsoft Defender for Endpoint, Splunk) to plan stealthy operations and propose detection use cases from an offensive perspective

Awareness of evidence handling and clean artifact capture to support post-engagement analysis

Experience with Red Team infrastructure buildout, including domain fronting, redirector chains, TLS fingerprinting evasion, staging servers, and resilient DNS configurations

Ability to deliver executive-ready storytelling, including attack path narratives, business impact translation, and risk-based remediation roadmaps

Strong visual reporting skills, including attack flow diagrams, MITRE ATT&CK heatmaps, and kill chain overlays

Experience leading a Red Team workstream (e.g., phishing, Active Directory, cloud) and mentoring junior operators

Exposure to Red Team operations in regulated environments (PCI, SOX, HIPAA) with appropriate safe-testing controls