Updated 2026-06-22 16:00 UTC·© 2025–2026 RoleSuite

Senior Offensive Security Engineer, Penetration Testing

P&G · WARSAW PLANT & GO

Job Location

WARSAW PLANT & GO

Job Description

Are you a person who is passionate about breaking applications, devices, services and/or processes to help protect them against the world's most advanced cyber security adversaries?

The Information Security Protect organization at Procter & Gamble is responsible for providing a realistic depiction of threat actor behaviors and scenarios during simulated exercises. We drive improvements to applications and systems, as well as detection and response capabilities through regular testing of security controls across the enterprise.

Responsibilities:

  • Lead complex, ambiguous, high-risk, or multi-domain penetration tests across applications, APIs, infrastructure, cloud, identity, networks, IoT, mobile, and enterprise environments.

  • Partner with Intake Management and stakeholders to validate objectives, challenge technical assumptions, identify engagement risks, and shape the testing approach.

  • Own technical execution strategy for complex engagements, including attack path development, safe exploitation, evidence standards, peer review, reporting quality, and remediation validation.

  • Identify, exploit, and chain vulnerabilities across systems and domains to demonstrate realistic business impact and remediation priority.

  • Design and execute control validation paths, including testing or bypassing preventative and detective controls, and document gaps in a way that supports remediation and defensive improvement.

  • Serve as the technical escalation point for complex, novel, high-impact, or ambiguous findings from penetration tests, VDP, and Bug Bounty submissions.

  • Review complex findings and reports from other testers to ensure technical accuracy, impact clarity, evidence quality, and remediation usefulness.

  • Work with engineering, product, cloud, infrastructure, and security teams to translate findings into practical remediation and risk reduction.

  • Partner with Cyber Defense Protect, Detect, and Respond teams to operationalize findings and improve defensive controls.

  • Design, build, and govern internal tools, automation, and AI-assisted workflows that improve team scale, consistency, coverage, triage, exploitation support, reporting, and remediation validation.

  • Lead security testing of AI-enabled applications, LLM systems, AI agents, RAG pipelines, model integrations, tool/plugin execution, and AI-specific abuse paths.

  • Produce executive-ready risk narratives and high-quality technical reports tied to business impact, exploitability, and remediation priority.

  • Mentor junior testers, provide peer review, and raise standards for methodology, exploit quality, documentation, safety, and communication.

  • Drive team maturity through methodology standardization, reusable playbooks, technical review practices, tooling, metrics, knowledge sharing, and process improvement.

Job Qualifications

Qualifications (Required):

  • Bachelor’s degree or equivalent Polish higher education qualification in Information Security, Cybersecurity, Computer Science, or a related field, OR 7+ years of relevant experience in lieu of a degree.

  • 5+ years of experience in penetration testing, offensive security, adversary simulation, application security testing, or security research in complex environments.

  • Demonstrated ability to lead complex penetration tests, manage ambiguity, make sound technical decisions, guide other testers, and serve as an escalation point for high-risk findings.

  • Deep experience identifying, exploiting, and chaining weaknesses across 3 or more domains such as web applications, APIs, mobile applications, cloud infrastructure, enterprise applications, databases, networks, servers, IoT devices, identity platforms, directory services, or AI-enabled systems.

  • Strong ability to automate offensive security tasks and build tooling using languages such as Python, PowerShell, Go, C#, JavaScript, C/C++, Assembly, or similar.

  • Advanced Linux command-line experience and strong familiarity with Windows, enterprise environments, and common administrative tooling.

  • Hands-on experience with at least one major cloud provider such as GCP, AWS, or Azure, including attack paths, misconfigurations, identity models, and cloud-native services.

  • Ability to read, understand, and reason about source code across multiple languages to identify security flaws and determine exploitability.

  • Proven ability to test or bypass preventative and detective controls while operating safely within approved scope and rules of engagement.

  • Experience creating automation, tools, or AI-enabled workflows adopted by others to improve offensive security effectiveness, efficiency, coverage, or quality.

  • Familiarity with security risks in AI-enabled technologies, including prompt injection, insecure agent or tool execution, sensitive data exposure, model misuse, authorization bypass, and AI application abuse cases.

  • Strong written and verbal communication skills with the ability to brief technical teams, security teams, and leadership.

Qualifications (Preferred Skills):

  • One or more offensive security certifications such as OSCP, OSWE, OSEP, OSCE, GXPN, GPEN, GWAPT, or similar.

  • Public tools, modules, research, conference talks, blog posts, CVEs, open-source contributions, or other meaningful technical contributions.

  • Experience developing AI-assisted security tools, agentic workflows, vulnerability triage systems, exploit helpers, report-generation pipelines, or other force-multiplying capabilities.

  • Experience testing AI applications, LLM-based systems, AI agents, RAG systems, model integrations, and AI-enabled business workflows.

  • Experience with mobile, IoT, embedded systems, firmware, reverse engineering, radio-frequency testing, or hardware exploitation.

  • Experience with cloud and identity attack paths involving SSO, MFA, OAuth, service principals, IAM, secrets exposure, conditional access, PAM, or privilege escalation.

  • Experience collaborating with DFIR, SOC, Detection Engineering, Application Security, Cloud Security, Product Security, and Vulnerability Management teams.

  • Experience building penetration testing methodologies, reporting standards, reusable playbooks, tooling, metrics, remediation validation processes, or team knowledge bases.

We offer

  • P&G-sized projects and access to world leading IT partners and technologies from Day 1.

  • Wide range of self-development possibilities (training and certifications paths).

  • Competitive starting salary and benefits program (private health care, P&G stock, saving plans, sport cards).

  • Regular salary increases and possible promotions - in line with your results and performance.

  • Opportunity to change role every few years to be in the best place for you and best for P&G.

 

At Procter & Gamble we embrace a hybrid work model that combines the flexibility of remote work with the collaborative benefits of in-office engagement. Employees can enjoy the option to work from home two days a week while also spending time in the office to foster teamwork and enhance communication.

 

Watch this video to learn more about our full recruiting process: https://www.youtube.com/watch?v=0bicvbpy0gI

Kindly be advised that at P&G, employment is exclusively extended on the basis of an "Umowa o Pracę" (Full-time Employment Contract). Apply only if you agree to these conditions.

 

About us

We produce globally recognized brands and we grow the best business leaders in the industry. With a portfolio of trusted brands as diverse as ours, it is paramount our leaders can lead with courage the vast array of brands, categories and functions. We serve consumers around the world with one of the strongest portfolios of trusted, quality, leadership brands, including Always®, Ariel®, Gillette®, Head & Shoulders®, Herbal Essences®, Oral-B®, Pampers®, Pantene®, Tampax® and more. Our community includes operations in approximately 70 countries worldwide.

Visit http://www.pg.com to know more.

We are an equal opportunity employer and value diversity at our company. We do not discriminate against individuals on the basis of race, color, gender, age, national origin, religion, sexual orientation, gender identity or expression, marital status, citizenship, disability, HIV/AIDS status, or any other legally protected factor.

Job Schedule

Full time

Job Number

R000152667

Job Segmentation

Experienced Professionals

Security pay context

Based on 1,543 disclosed Security salaries on RoleSuite, the role pays a median of $142K/year, with most offers between $114K and $180K (10th–90th percentile: $94K–$216K).
