Offensive Security Specialist

About The Role :As a Cybersecurity Offensive Specialist at Capgemini, you’ll play a critical role in strengthening our clients’ security posture by proactively uncovering and exploiting weaknesses in their systems. You’ll join a collaborative team of offensive and defensive experts—sharing insights with incident responders, purple teams, and architects—to drive continuous improvement across people, processes, and technology.Responsibilities :Proactive Security AssessmentsIdentify, analyze and prioritize vulnerabilities, misconfigurations, and design gaps in networks, applications, and infrastructure.Drive “security by design” improvements through clear, actionable recommendations.Collaboration & Knowledge SharingWork closely with incident response, SOC, and purple‑team colleagues to translate offensive findings into enhanced detection and remediation strategies.Present technical findings and remediation roadmaps to both technical teams and executive stakeholders.Key ActivitiesVulnerability Assessment SpecialistConfigure and run automated scans (e.g. Nessus, Tenable.io) against target environments.Manually validate scan results, triage false positives, and assess business impact.Produce detailed assessment reports and present findings to clients.Contribute to purple‑team exercises to validate detection and prevention controls.Penetration Testing SpecialistPlan and execute scoped pentests—both manual and tool‑driven (e.g. Burp Suite, Metasploit, Cobalt Strike).Exploit identified weaknesses to validate risk, then propose realistic remediation steps.Evaluate the maturity of existing security controls and vulnerability management processes.Deliver comprehensive engagement reports and debrief sessions with client teams.Red Teaming SpecialistDesign and run multi‑phased red‑team exercises emulating advanced persistent threat tactics, techniques, and procedures.Employ stealthy evasion and privilege‑escalation methods to demonstrate worst‑case impact.Evaluate and challenge blue‑team detection, response playbooks, and incident handling capabilities.Lead post‑exercise “lessons learned” workshops and help harden defenses.Required Skills and Experience :Core Expertise 3+ years hands‑on experience in one or more offensive disciplines.Proven ability to translate technical findings into business‑oriented risk narratives.Excellent written and verbal communication skills.Vulnerability AssessmentMastery of vulnerability scanning platforms (e.g. Nessus, Rapid7, Qualys).Penetration TestingDeep familiarity with web, network, and API pentesting toolchains (Burp Suite, Cobalt Strike, Metasploit).Red TeamingAdvanced skills in adversary emulation, covert C2, stealthy payload delivery, and lateral movement.Additional Skills :Industry certifications such as OSCP, OSCE, CRTO, or GXPN.Scripting proficiency (Python, PowerShell, Bash) for automation and custom tooling.Experience testing cloud and container environments (AWS, Azure, GCP, Kubernetes).Prior work in regulated sectors (finance, healthcare, government)