The Role
Lead complex cybersecurity engagements and develop AI-powered platforms for offensive security. Provide strategic consulting to clients and enhance security measures.
Summary Generated by Built In
About Coalfire
Coalfire is on a mission to make the world a safer place by solving our clients’ hardest cybersecurity challenges. We work at the cutting edge of technology to advise, assess, automate, and ultimately help companies navigate the ever-changing cybersecurity landscape. We are headquartered in Chicago, Illinois with offices across the U.S. and U.K., and we support clients around the world.
But that’s not who we are – that’s just what we do.
We are thought leaders, consultants, and cybersecurity experts, but above all else, we are a team of passionate problem-solvers who are hungry to learn, grow, and make a difference.
DivisionHex is one of the most respected offensive security practices in the industry, and we are investing heavily in the next generation of capabilities our hackers will use to outpace adversaries. We are hiring a Senior Principal who is equal parts elite operator and elite builder — someone who can execute on the most complex offensive engagements against the most security-mature organizations in the world AND design the AI-powered platforms, agentic systems, and automation that let our hackers operate at a scale and speed previously not possible.
This is a deeply hands-on senior individual contributor role with practice-wide influence. You will set the technical direction for how DivisionHex incorporates AI into application, network, and adversary services — both as a force multiplier for our operators and as a new domain we test on behalf of clients. The platforms you build will run on real engagements, and the engagements you lead will sharpen the platforms.
The Senior Principal, AI Testing and Development is one of the most senior technical voices in DivisionHex. The systems you build help our hackers identify and mitigate gaps in detection and response, surface novel vulnerabilities and misconfigurations that lead to further compromise, and emulate real-world threat actor TTPs at speeds previously unseen. You will play a critical role in shaping our offensive security strategy and ensuring DivisionHex is recognized as one of the leading offensive security teams in the industry.
What You'll Do
- Deliver on the most technically complex application, network, and adversary services engagements.
- Architect and build AI-powered platforms — including agentic systems — that automate reconnaissance, attack path discovery, exploitation, and reporting across the offensive lifecycle.
- Maintain a relentless focus on outputs that move the P&L: tooling that compounds across engagements and improves over time.
- Act as a hands-on senior leader in secure software development, model integration, and the engineering discipline required to build durable internal platforms.
- Act as a trusted advisor to our clients’ senior leadership on security matters, providing insights and recommendations to inform strategic decision-making.
- Collaborate with our sales and marketing teams to drive opportunity identification and rapidly grow the practice.
What You'll Bring
- 10+ years of experience in cybersecurity, with a focus on deeply technical application pentesting, network pentesting, and adversary services/red team engagements
- Deep understanding of application penetration testing and assessment tradecraft and methodologies (including browser-based, API, etc.)
- Deep understanding of on-prem and cloud AD/identity misconfigurations, attack paths, and approaches to exploit them
- Significant experience creating and delivering specialized testing and training for internal stakeholers and customers on the latest threat actor TTPs and capabilities, including advanced persistent threats (APTs), ransomware, and insider threats.
- Extensive experience conducting offensive services engagements across a variety of platforms and environments, including on-premise, cloud, and hybrid environments.
- Excellent communication and collaboration skills, with the ability to effectively convey complex technical concepts to both technical and non-technical audiences, including C-suite and board-level executives of Fortune 500 organizations.
- Has excellent technical capabilities in terms of performing complex penetration test / adversary services
- Has significant experience developing toolkits used for engagements in a way that both scale yet return ROI quickly
- Has significant experience with integrating agents or parts of the ML pipeline into offensive security work
- Has a strong ROI-centric focus approach, where the outputs of your projects directly impact the efficiency of humans doing the work to materially improve P&L outputs
- Ability to thrive in a fast-paced, dynamic environment, and adapt quickly to changing priorities and requirements.
- Extensive experience with golang and python, with the ability to work across different languages to integrate with ML pipelines for training, tuning, and inference of language models.
Why You’ll Want to Join Us
At Coalfire, you’ll find the support you need to thrive personally and professionally. In many cases, we provide a flexible work model that empowers you to choose when and where you’ll work most effectively – whether you’re at home or an office.
Regardless of location, you’ll experience a company that prioritizes connection and wellbeing and be part of a team where people care about each other and our communities. You’ll have opportunities to join employee resource groups, participate in in-person and virtual events, and more. And you’ll enjoy competitive perks and benefits to support you and your family, like paid parental leave, flexible time off, certification and training reimbursement, digital mental health and wellbeing support membership, and comprehensive insurance options.
At Coalfire, equal opportunity and pay equity is integral to the way we do business. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. Coalfire is committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. To request reasonable accommodation to participate in the job application or interview process, contact our Human Resources team at [email protected].
Skills Required
- 10+ years of experience in cybersecurity
- Deep understanding of application penetration testing methodologies
- Experience with AD/identity misconfigurations
- Experience creating and delivering testing and training
- Extensive experience in offensive services engagements
- Excellent communication skills for technical concepts
- Technical capabilities in penetration testing
- Experience developing toolkits for engagements
- Experience with integrating ML pipelines into security work
- Strong ROI-focused project approach
- Ability to adapt to fast-paced environments
- Extensive experience with Golang and Python
Am I A Good Fit?
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.
Success! Refresh the page to see how your skills align with this role.
The Company
What We Do
Coalfire is the cybersecurity advisor that helps private and public sector organizations avert threats, close gaps, and effectively manage risk. By providing independent and tailored advice, assessments, technical testing, and cyber engineering services, we help clients develop scalable programs that improve their security posture, achieve their business objectives, and fuel their continued success. Coalfire has been a cybersecurity thought leader for more than 20 years and has offices throughout the United States and Europe.
.png)
