Senior Security Engineer I, InfoSec (Red Team)

In a world of disruption and increasingly complex business challenges, our professionals bring truth into focus with the Kroll Lens. Our sharp analytical skills, paired with the latest technology, allow us to give our clients clarity—not just answers—in all areas of business. We value the diverse backgrounds and perspectives that enable us to think globally. As part of One team, One Kroll, you’ll contribute to a supportive and collaborative work environment that empowers you to excel.

Kroll is the premier global valuation and corporate finance advisor with expertise in complex valuation, disputes and investigations, M&A, restructuring, and compliance and regulatory consulting. Our professionals balance analytical skills, deep market insight and independence to help our clients make sound decisions. As an organization, we think globally—and encourage our people to do the same.

As a Senior Security Engineer specializing in Red Teaming, you’ll play a critical role in assessing and enhancing the security posture of our systems. Your focus will be on both security architecture and application security testing. This role is for you if you have demonstrated prior experience, preferably within the professional services industry, excellent communications skills and an aptitude for problem solving. You’ll collaborate with cross-functional teams to identify vulnerabilities, simulate attacks, and drive improvements across our infrastructure.

Responsibilities

• Demonstrate understanding of red, blue, purple team testing methodologies and concepts.
• Establish Threat Models and Risk Assessment both internal infrastructure, networking, and applications.
• Assist and build out internal testing scenarios to identify potential improvements for our overall security.
• Perform internal testing to demonstrate how identified risk can be taken advantage of and advise on how best to prevent against the identified attack vector.
• Validate and test applied mitigations to determine level of effectiveness.
• Perform assessments along with Security Architecture across our various applications and technical solutions.
• Work with Infrastructure, Application and Network Engineering teams to remediate security findings.
• Assist with drafting and maintaining various security related documents.
• Have a good understanding of networking concepts and application connectivity across public cloud(s) using mTLS and REST API.
• Demonstrate understanding of OSI Layer 7 security controls and Web Application Firewalls
• Periodically assist with researching and investigating RCA of security investigations.
• Lead other security architecture team members on weekly tasks related to functional area.