Job Description
About the role:
We're seeking a passionate BAS Security Engineer to join our growing team and help shape the future of our STEP platform. This is an exciting opportunity to work on a universal agent-based architecture built in Rust and contribute to expanding our simulation capabilities across the entire cyber kill chain.
You'll be working on innovative security automation, developing new attack modules and helping organizations proactively identify vulnerabilities before real attackers do. If you're excited about staying ahead of threat actors and building tools that make a real difference in cybersecurity, we want to hear from you.
What You'll Build:
• Design and develop advanced attack simulation modules across the cyber kill chain with evasion capabilities
• Develop endpoint security testing modules with EDR/XDR evasion and defense validation against endpoint controls
• Implement web application attack simulations (SQL injection, XSS, API vulnerabilities) with WAF evasion capabilities and security control validation
• Design cloud security validation modules (Azure, AWS, GCP) with evasive cloud-native attack patterns
• Create ransomware simulation modules with defense evasion and security control validation
• Implement MITRE ATT&CK technique simulations with evasion tactics and detection capability validation against SIEM, EDR and other security controls
Technical Skills:
• Proficiency in at least one programming/scripting language (Python, Bash, PowerShell, Rust, C/C++)
• Strong understanding of cybersecurity fundamentals and the MITRE ATT&CK framework
• Knowledge of common attack vectors: phishing, malware, ransomware, lateral movement, privilege escalation
• Understanding of evasion techniques for bypassing security controls (EDR, AV, firewalls, IDS/IPS, DLP)
• Familiarity with security tools such as EDR, firewalls, IDS/IPS, SIEM or vulnerability scanners
• Understanding of network protocols, system administration (Windows/Linux) and security architecture
• Experience with penetration testing, red teaming, purple teaming or security research is a plus
Mindset & Approach:
• Curiosity-driven and eager to learn emerging attack techniques
• Creative problem-solver who thinks like both an attacker and defender
• Strong automation mindset with attention to detail
• Ability to research, document, and implement security test cases
• Collaborative team player who thrives in a fast-paced environment
• Passion for staying current with the latest cybersecurity threats and trends
Key Responsibilities
Module Development:
• Research and curate effective attack scenarios based on real-world threat intelligence
• Design, develop and test new BAS modules that simulate various attack techniques
• Create automated workflows for continuous security validation
• Develop custom payloads and attack chains mapped to MITRE ATT&CK
Platform Enhancement:
• Contribute to the evolution of our universal agent architecture with advanced evasion capabilities
• Optimize simulation performance, accuracy and stealth to mimic real threat actors
• Ensure non-disruptive, safe execution of attack simulations in production environments
• Build reporting and analytics capabilities showing security control effectiveness and gaps
• Develop validation mechanisms to test detection capabilities of SIEM, EDR and other security tools after each simulation testcase
Collaboration & Research:
• Work closely with the development team to integrate new modules into STEP
• Stay updated on emerging threats, vulnerabilities and attack techniques
• Collaborate with customers to understand their security validation needs
• Contribute to documentation, best practices and knowledge sharing
Quality & Innovation:
• Test and validate simulation accuracy against real security controls
• Ensure modules cover diverse attack vectors across network, endpoint, application and cloud layers
• Propose innovative features and capabilities to enhance platform value
• Maintain code quality, security, and performance standards
Nice to have:
• Security certifications
• Experience with Rust or willingness to learn
• Contributions to open-source security tools or research
• Experience with commercial BAS platforms (SafeBreach, Cymulate, AttackIQ, Picus)
• Understanding of compliance frameworks (PCI-DSS, ISO 27001, NIST)
Why Join P.I.V.O.T Security?
At P.I.V.O.T Security, we believe that the best defense is knowing your weaknesses before attackers do. Our mission is to democratize advanced security testing and make continuous threat validation accessible to organizations of all sizes.
You'll be joining a team that values:
• Innovation - Building next-generation security solutions
• Impact - Helping organizations prevent real-world breaches
• Growth - Learning, experimenting, and evolving with the threat landscape
• Collaboration - Working together to solve complex security challenges
How to Apply
If you're excited about building automated attack simulations, thinking like an adversary, and contributing to a platform that strengthens cybersecurity defenses, we'd love to hear from you!
Apply now at [email protected] with your attached resumes.
P.I.V.O.T Security is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.
💡 Quick Summary
Seeking a career-building opportunity? The Security Engineer - Breach and Attack Simulation position is now open for candidates interested in the Security Guard Jobs sector. This role in New Delhi offers a professional environment and growth potential.
Requirement Snapshot: Candidates should possess basic communication skills, a proactive attitude, and the ability to work in a team. Experience in Security Guard Jobs is a plus.
