Lead Engineer

College Board – Technology –Cyber Security Operations Team 

Location: 1) This is a fully remote role. Candidates who live near CB offices have the option of being fully remote or hybrid (Tuesday and Wednesday in office).  

Type: This is a full-time position 

About the Team  

The Cyber Security Operations team is critical to the strategic foundation of our products, most notably the secure delivery of our Digital SAT and AP programs. We are a highly motivated group of cyber security experts who take a proactive approach to ensuring a strong security posture.  We partner across the organization to mature our Threat Management and Incident Response procedures and are constantly seeking and experimenting with new technologies. We are currently using a variety of cutting-edge tools that provide comprehensive cyber security operations for the College Board’s critical infrastructure in support of the College Board’s mission to connect students to college success and opportunity.  College Board is committed to creating an inclusive environment where all team members feel valued, respected, and supported in their work. We welcome individuals from diverse backgrounds and experiences to join our team and contribute to our ongoing success.   

About the Opportunity   

The College Board is seeking a Lead Offensive Security Engineer who will serve as the technical leader of our Red Team capability. In partnership with leadership, who sets the strategic direction and risk priorities for the program, you will translate that vision into disciplined, high-impact offensive security campaigns that meaningfully improve our security posture. 

You will own the technical design and execution quality of red team engagements, shaping how assessments are planned, executed, and measured. This includes defining attack approaches, selecting and refining tooling, and ensuring that adversary simulations reflect real-world threat tradecraft relevant to our environment. Over time, you will play a key role in recommending priorities and evolving the "what" based on emerging threats and observed risk, while maintaining clear alignment with leadership direction. 

Beyond executing engagements, you will raise the bar for how offensive security is practiced at College Board. You will ensure our red team operations are repeatable, measurable, and operationally sound, with strong documentation, defensible methodologies, and executive-ready reporting. Your work will directly influence detection engineering, incident response readiness, and the resilience of systems that support the secure delivery of the Digital SAT, AP programs, and other mission-critical services. 

In this role, you will: 

• Design and evolve the Red Team capability (35%) 
• Define and continuously refine the red team engagement model, including methodology, scope development, rules of engagement, evidence standards, and quality controls. 
• Shape offensive assessment strategy in partnership with leadership, translating program priorities into technically sound attack approaches and campaign plans. 
• Determine tooling, infrastructure, and C2 frameworks used in approved environments, ensuring tradecraft reflects relevant real-world threat actors and techniques. 
• Establish standards for multi-stage adversary simulation, ensuring engagements are realistic, repeatable, and aligned to MITRE ATT&CK and current threat intelligence. 
• Continuously assess and improve how red team effectiveness is measured, including coverage, repeat findings, and defensive validation outcomes. 
• Lead execution of high-impact offensive campaigns (40%) 
• Lead and personally execute advanced penetration tests and red team assessments across client applications, web applications, APIs, endpoints, and supporting infrastructure. 
• Orchestrate multi-stage attack simulations spanning initial access, privilege escalation, lateral movement, persistence, and objective completion within approved guardrails. 
• Plan and drive purple team exercises in close partnership with Threat Hunt, SOC, and Incident Response teams to validate and strengthen detection and response capabilities. 
• Evaluate the effectiveness of security controls, including SIEM, EDR, and network monitoring, and drive re-testing to confirm measurable improvement. 
• Coordinate and guide other red team engineers during engagements, ensuring consistency, technical rigor, and high-quality deliverables. 
• Drive measurable defensive impact and organizational enablement (25%) 
• Translate offensive findings into prioritized, actionable remediation guidance and partner with system owners to drive meaningful risk reduction. 
• Produce executive-ready reports and briefings that clearly articulate risk, impact, and recommended actions for both technical and non-technical stakeholders. 
• Develop and maintain standardized red team artifacts, including playbooks, adversary emulation plans, reporting templates, and documentation that improve repeatability and knowledge transfer. 
• Provide technical guidance to Vulnerability Management and Threat Hunting teams on attacker behaviors, custom detection approaches, and validation techniques. 
• Foster a culture of collaboration and continuous learning across Cyber Operations teams through knowledge sharing, mentorship, and contribution to shared playbooks and best practices. 

About you, you have: 

• Demonstrated experience leading complex red team engagements or adversary simulations across applications, endpoints, APIs, and cloud environments. 
• Proven ability to influence technical direction and raise operational standards without formal people management authority. 
• 7+ years of experience in cybersecurity, with at least 3–5 years in offensive security, red team, or advanced penetration testing roles. 
• Deep hands-on expertise with modern C2 frameworks and adversary simulation tooling, with the ability to adapt tradecraft to evolving defensive controls. 
• Strong understanding of attacker methodologies, including MITRE ATT&CK, OWASP Top 10, CWEs, and real-world threat intelligence, and the ability to translate those into practical attack scenarios. 
• Experience conducting purple team exercises and validating SIEM, EDR, and network detection capabilities through controlled simulation and evidence-based testing. 
• Experience delivering executive-ready briefings that clearly communicate technical risk, business impact, and prioritized remediation actions. 
• High degree of discretion, integrity, and operational discipline when conducting sensitive offensive security work. 
• Bachelor’s degree in Computer Science, Engineering, or equivalent practical offensive security experience. 
• Authorization to work in the United States without sponsorship. 
• Ability to travel 3-5 times a year to our NYC or Reston, VA office. 

For all roles at College Board: 
We are seeking individuals who are passionate about expanding educational and career opportunities and committed to mission-driven work. Candidates must be authorized to work in the United States for any employer and should possess clear and concise communication skills, both written and verbal. Proficiency in Microsoft Suite tools is preferred, though a willingness to learn is equally valued. We look for those with curiosity and enthusiasm for emerging technologies, particularly AI-driven solutions, and a proactive approach to independently learning and applying new digital tools. Most importantly, applicants should demonstrate the skills and mindsets aligned with College Board’s Operating Principles, reflecting a commitment to continuous growth, collaboration, and impact, notably:

• A commitment to candid, timely, respectful feedback
• A learner orientation and an openness to ideas and diverse perspectives
• The ability to push for excellence through data-informed decision-making, iterative learning, external benchmarking and user-inputs
• • Strong problem-solving skills, including the ability to break down complex issues and identify clear paths forward
• A track record of prioritizing high-impact work, simplifying complexity, taking initiative, and making decisions quickly with clarity of purpose
• A habit of collaborating across differences, practicing empathy, and contributing to a culture of trust and shared success
• About Our Process 
• Application review will begin immediately and will continue until the position is filled. This role is expected to accept applications for a minimum of 5 business days.
• While the hiring process may vary, it generally includes: resume and application submission, recruiter phone/video screen, hiring manager interview, performance exercise such as live coding, a panel interview, a conversation with leadership and reference checks.

What We Offer 

• At College Board, we offer more than just a paycheck—we provide a meaningful career, a supportive team, and a comprehensive package designed to help you thrive. We’re a self-sustaining nonprofit that believes in fair and competitive compensation, grounded in your qualifications, experience, impact, and the market.
• A Thoughtful Approach to Compensation 
• The hiring range for this role is $168,000-$183,000.
• Your exact salary will depend on your location, experience, and how your background compares to others in similar roles at the College Board.
• We aim to make our best offer upfront, rooted in fairness, transparency, and market data.
• We adjust salaries by location to ensure fairness, no matter where you live.
• You’ll have open, transparent conversations about compensation, benefits, and what it’s like to work at College Board throughout your hiring process. Check out our careers page for more.

#LI - MC1

#LI - Remote