About The Role :
As a Cybersecurity Offensive Specialist at Capgemini, you’ll play a critical role in strengthening our clients’ security posture by proactively uncovering and exploiting weaknesses in their systems. You’ll join a collaborative team of offensive and defensive experts—sharing insights with incident responders, purple teams, and architects—to drive continuous improvement across people, processes, and technology.
Responsibilities :
- Proactive Security Assessments
- Identify, analyze and prioritize vulnerabilities, misconfigurations, and design gaps in networks, applications, and infrastructure.
- Drive “security by design” improvements through clear, actionable recommendations.
- Collaboration & Knowledge Sharing
- Work closely with incident response, SOC, and purple‑team colleagues to translate offensive findings into enhanced detection and remediation strategies.
- Present technical findings and remediation roadmaps to both technical teams and executive stakeholders.
Key Activities
- Vulnerability Assessment Specialist
- Configure and run automated scans (e.g. Nessus, Tenable.io) against target environments.
- Manually validate scan results, triage false positives, and assess business impact.
- Produce detailed assessment reports and present findings to clients.
- Contribute to purple‑team exercises to validate detection and prevention controls.
- Penetration Testing Specialist
- Plan and execute scoped pentests—both manual and tool‑driven (e.g. Burp Suite, Metasploit, Cobalt Strike).
- Exploit identified weaknesses to validate risk, then propose realistic remediation steps.
- Evaluate the maturity of existing security controls and vulnerability management processes.
- Deliver comprehensive engagement reports and debrief sessions with client teams.
- Red Teaming Specialist
- Design and run multi‑phased red‑team exercises emulating advanced persistent threat tactics, techniques, and procedures.
- Employ stealthy evasion and privilege‑escalation methods to demonstrate worst‑case impact.
- Evaluate and challenge blue‑team detection, response playbooks, and incident handling capabilities.
- Lead post‑exercise “lessons learned” workshops and help harden defenses.
Required Skills and Experience :
- Core Expertise
- 3+ years hands‑on experience in one or more offensive disciplines.
- Proven ability to translate technical findings into business‑oriented risk narratives.
- Excellent written and verbal communication skills.
- Vulnerability Assessment
- Mastery of vulnerability scanning platforms (e.g. Nessus, Rapid7, Qualys).
- Penetration Testing
- Deep familiarity with web, network, and API pentesting toolchains (Burp Suite, Cobalt Strike, Metasploit).
- Red Teaming
- Advanced skills in adversary emulation, covert C2, stealthy payload delivery, and lateral movement.
Additional Skills :
- Industry certifications such as OSCP, OSCE, CRTO, or GXPN.
- Scripting proficiency (Python, PowerShell, Bash) for automation and custom tooling.
- Experience testing cloud and container environments (AWS, Azure, GCP, Kubernetes).
- Prior work in regulated sectors (finance, healthcare, government)
Report job
