The Adversary Emulation & Defense Engineer plays a critical role in strengthening Inmar's ability to defend against emerging cyber threats by bridging offensive and defensive security disciplines. This role designs and executes collaborative, threat‑informed adversary emulations that unite offensive (red) and defensive (blue) capabilities to measurably improve enterprise detection, prevention, and response. Success is defined by faster detection and response, stronger red/blue collaboration, improvements in detection and response KPIs, and clear effectiveness against real-world threats.
Primary Accountabilities:
Technical:
Plan, lead, and document purple‑team exercises (tabletop to hands‑on) emulating prioritized adversary TTPs across the full attack lifecycle (recon → exfiltration).
Build adversary‑emulation plans and safe automation in production‑like environments using Atomic Red Team, CALDERA, and custom scripts; map tests to MITRE ATT&CK and the kill chain.
Engineer, tune, and validate detections and controls across SIEM/analytics, endpoint configurations, identity protections, and network security to break attacker techniques.
Develop and maintain scalable automation for repeatable, CI‑style security control checks to ensure consistent, scalable validation.
Translate findings into actionable backlog items (SIEM rules, analytics, playbooks, hardening baselines, response procedures) with clear owners, timelines, and acceptance criteria.
Provide real‑time feedback and results to the Blue Team for rapid tuning and improvement during and after exercises.
Run regular hands‑on workshops where attackers demo evasion paths and defenders showcase detections and response playbooks; host office hours on ATT&CK, detection engineering, and threat‑informed defense practices.
Partner across IR, SOC, vulnerability management, and product/engineering to embed controls and detections early in design (S‑SDLC) and post‑deployment.
Lead regression tests to verify fixes and prevent drift.
Build reporting dashboards tracking ATT&CK coverage, detection latency, and MTTD/MTTC to measure control effectiveness.
Quantify control coverage per ATT&CK technique and spotlight residual risk tied to business‑relevant threats.
Perform threat modeling for new and evolving systems; prioritize emulations based on current intelligence and risk to “crown jewels.”
Drive a continuous feedback loop that informs test prioritization, control roadmap, and secure‑by‑design decisions.
Additional Responsibilities:
Performs other duties as assigned
Complies with all policies and standards
Required Qualifications:
Bachelor's, Information Security, or related field—or equivalent practical experience. (Required)
4-6 years in offensive security and either detection engineering, incident response, or SOC with hands-on experience across offensive and defensive domains. (Required)
Proven experience planning/executing adversary emulations and measuring control effectiveness using ATT&CK. (Medium proficiency)
Proficiency with one or more scripting languages (Python, PowerShell, Bash) and automation/version control (Git, CI). (Medium proficiency)
Practical knowledge of EDR/endpoint hardening, Windows/Linux internals, identity security (AD/Entra ID), and SIEM/log engineering (Elastic, Splunk). (Medium proficiency)
Ability to write, tune, and validate detections (e.g., SIGMA rules, EDR analytics) and to interpret telemetry (Sysmon, network flows). (Medium proficiency)
Excellent communication and collaboration skills to work across red, blue, and product/engineering teams. (High proficiency)
Experience with tools such as Atomic Red Team, CALDERA, ATT&CK Navigator, BloodHound/attack path mapping, sandboxing/YARA, and exploit mitigation techniques. (Low proficiency)
Cloud security experience (AWS/Azure/GCP) including logging, identity, and control validation in cloud workloads. (Low proficiency)
Background in S-SDLC practices and secure-by-design patterns for platforms/services. (Low proficiency)
GDAT, OSCP/OSWP, GPEN, GCDA, or comparable experience. (Preferred)
Physical Demands
The physical demands described here are representative of those that must be met by an associate to successfully perform the major job responsibilities (essential functions) of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the major job responsibilities. This job description is not intended to be an exhaustive list of all duties, responsibilities, or qualifications associated with the job.
Use Hands to Handle Objects - Occasionally
Reach with Hands or Arms - Occasionally
Talk or Hear and Read Instructions - Occasionally
Stand, Kneel, or Stoop and Lift 20 Pounds - Occasionally
View Items at a Close Range - Occasionally
Rarely: Job requires this activity up to 25% of the time
Occasionally: Job requires this activity between 25% - 50% of the time
Frequently: Job requires this activity between 50% - 75% of the time
Constantly: Job requires this activity more than 75% of the time
Individual Competencies
Adaptable: Arrives at a conclusion based on previous experiences and good judgment.
Curious: Assesses circumstances using experience and a variety of information gathered.
Innovative: Arrives at decision using analytical thought.
Teamwork: Advanced communication skills used to lead a team.
Taking Initiative: Department
As an Inmar Associate, you:
Put clients first and consistently display a positive attitude and behaviors that demonstrate an awareness and willingness to listen and respond to clients in order to meet their short-term and long-term needs, requirements and exceed their expectations.
Treat clients and teammates with courtesy, consideration and tact; you also have the ability to perceive the needs of internal and external clients and communicate effectively with the objective of delighting and retaining the client.
Build collaborative relationships and work cooperatively with others, inside and outside the organization, to accomplish objectives, develop and maintain mutually beneficial partnerships, leverage information and achieve results.
Set and attain achievable, yet aggressive, goals with a sense of urgency and accountability.
Understand that results are important and focus on turning mission into action to achieve results following the principles of Flawless Execution while consistently complying with quality, service and productivity standards to meet deadlines and exceed expectations by giving our clients the best possible outcome.
Support a safe work environment by following safety rules and regulations and reporting all safety hazards.
At Inmar, we put people first and that means empowering our associates to thrive at every stage of life and career. Our comprehensive and competitive benefits package is thoughtfully designed to support a wide range of lifestyles and life stages.
Eligible associates have access to:
Medical, Dental, and Vision insurance
Basic and Supplemental Life Insurance options
401(k) retirement plans with company match
Health Spending Accounts (HSA/FSA)
We also offer:
Flexible time off and 11 paid holidays
Family-building benefits, including Maternity, Adoption, and Parental Leave
Tuition Reimbursement and certification support, reflecting our commitment to lifelong learning
Wellness and Mental Health counseling services
Concierge and work/life support resources
Adoption Assistance Reimbursement
Perks and discount programs
Please note that eligibility for some benefits may depend on your job classification and length of employment. Benefits are subject to change and may be governed by specific plan or program terms.
At Inmar, compensation reflects our belief in integrity, transparency, and the value of individual contributions. The hiring range for this position is:
136,542.38 - 227,570.63 USD Annual
The final offer may vary based on factors such as geographic location, job-related skills, education, certifications, work experience, and other relevant considerations.
Depending on the job level and role, it may include:
Annual discretionary bonuses through our Core Company Performance Bonus Plan
Equity grants, sign-on bonuses, and other tailored incentive opportunities
Additional discretionary compensation, such as:
Growing Revenue Incentives
Corporate or VIP Bonuses
Deferred compensation opportunities
The actual annualized salary offered at the time of hire will be communicated in the candidate’s offer letter. We remain committed to fairness and transparency across all locations. Where required, including for remote-eligible roles, local pay ranges are disclosed in accordance with applicable laws and regulations.
We are an Equal Opportunity Employer, including disability/vets.
Recruitment Fraud Notice: Recruitment fraud is an increasingly common scam where individuals pose as employers to offer fictitious job opportunities. Scammers sometimes impersonate Inmar recruiters on LinkedIn and other channels. We will never ask for payment or sensitive personal information during the hiring process. Verify any role on our official Workday Careers site and learn how to spot scams in our full notice.
This position is not eligible for student visa sponsorship, including F-1 OPT or CPT. Candidates must have authorization to work in the U.S. without the need for employer sponsorship now or in the future.
What We Do
We reimagine everyday business challenges through advanced analytics, technology-enabled and market-driven solutions built to solve some of industries’ biggest obstacles to growth. Inmar Intelligence’s customer-centric approach is evident through our success helping companies dynamically engage audiences, build brand loyalty, create efficiencies and drive profitable growth.
We help leading Fortune 500 companies and emerging brands stay relevant and propel growth while providing their consumers with personalized and precision-driven tools to save money, improve health and safety, and more conveniently go about their lives.
For more than 35 years, we have served retailers, manufacturers, healthcare providers, government and employers as their trusted intermediary and helped them redefine innovation.