
Offensive Security Engineer
Sporty GroupAbout the role
Mission Strengthen Sporty’s offensive security posture by proactively testing and identifying vulnerabilities across our external perimeter, standalone virtual private servers (VPS), physical office infrastructure, and endpoint defenses. The Offensive Security Engineer owns the security testing, continuous perimeter monitoring, and reconnaissance across all Sporty Group external domains, websites, public IP blocks, and DNS configurations. This role works closely with IT, Network Engineering, SOC, and Security teams to convert external discovery, adversary emulation on EDR/XDR systems, and exploitation insights into tuned perimeter controls, firewall rules, and robust defensive guardrails.
What you'll be doing
- Monitor, map, and test Sporty’s entire external attack surface, including all Sporty Group external domains, subdomains, websites, and public IP addresses.
- Conduct adversary emulation exercises against internal and office endpoints to validate the effectiveness of EDR, XDR, and SOC monitoring platforms.
- Evaluate the security posture of physical office hardware, corporate network equipment, and internal edge infrastructure.
- Perform scoped offensive testing on external-facing web applications and limited, public-facing API endpoints.
- Translate external discovery, DNS security posture, network access control weaknesses, and EDR emulation findings into repeatable defensive checks.
- Support our Purple Team validate that EDR policies, perimeter controls, firewall rules, and network segmentation work as expected.
- Document multi-stage network or system exploitation chains to provide practical, reproducible remediation blueprints for infrastructure and SOC teams.
- Support IT and Network analysts with clear vulnerability descriptions, triage steps, severity logic, and escalation guidance.
- Improve external asset tracking, perimeter health records, and exposure trend mapping.
- Track external vulnerability gaps, emulation success rates, remediation times, asset health, and perimeter exposure.
What you'll bring
- Experience in offensive security, perimeter penetration testing, network security assessments, or adversary emulation.
- Strong understanding of external asset discovery, DNS configuration vulnerabilities, and public IP network routing.
- Practical experience auditing and testing Linux and Windows environments and underlying network services.
- Ability to perform adversary emulation and bypass techniques against modern EDR/XDR solutions.
- Familiarity with testing physical office network hardware, routers, switches, firewalls, and workplace IT systems.
- Ability to turn external exposures and technical network risks into clear, actionable fixes for IT and Security teams.
- Experience with core web vulnerabilities and limited, scoped testing o
Opens the company's application page
Listed via
Jobicy
jobicy.com
Similar roles
Design & Tech
Related reads from TCHNX

The Quiet Revolution in Local-First Software
As major platforms face outages and data breaches, a new generation of developers is building applications that prioritise local data storage and peer-to-peer sync, challenging the cloud-first orthodoxy that's dominated tech for two decades.

The Quiet Revolution in Edge AI: Why Your Next Computer Might Not Need the Cloud
As neural processing units become standard in consumer devices, we're witnessing a fundamental shift in how AI applications work. Local processing is no longer a fallback; it's becoming the preferred architecture.

The Rise of AI-Assisted Code Generation 2: Are Developers Becoming Prompt Engineers?
As AI coding assistants reshape software development, the industry grapples with a fundamental question: is writing code giving way to writing prompts? We examine how London's tech scene is adapting to this seismic shift.

