Offensive Privacy Tester
We are looking for an experienced Offensive Privacy Engineer. In this role, you will conduct offensive privacy testing and identify vulnerabilities and misconfigurations to enhance the security and privacy of our systems and applications. Your efforts will protect our users' data against potential threats, support compliance with applicable laws, regulations, and commitments, and reduce attack paths within the USDS environment.
Responsibilities:
• Lead comprehensive privacy-focused penetration tests and/or emulate adversary-like behavior and operations on our infrastructure, applications, products and services.
• Perform deep technical, hands-on offensive privacy testing to identify and exploit privacy and security weaknesses.
• Contribute to the creation of a testing framework to methodically test safeguards being designed and implemented.
• Design and execute advanced testing methodologies specifically targeting privacy vulnerabilities.
• Develop detailed reports on findings, including actionable remediation recommendations.
• Work closely with cross-functional (XFN) teams to address and remediate identified vulnerabilities.
• Communicate findings effectively to technical and non-technical stakeholders.
• Advocate for best practices in privacy and data protection, ensuring compliance with relevant privacy regulations (e.g., GDPR, CCPA).
• Stay updated on the latest privacy threats and integrate new findings into the testing program.
• Build and implement security testing tools and technologies to enhance privacy testing capabilities and promote automation.
• Continuously improve team processes and methodologies for better testing outcomes.
Qualifications:
• Bachelor’s degree in Computer Science, Information Security, or a related field. Advanced degrees or equivalent professional experience are preferred.
• 4+ years of experience in offensive security testing, with a strong focus on privacy vulnerabilities.
• Proven experience in penetration testing, red teaming, and vulnerability assessments, particularly in privacy contexts.
• Relevant security certifications such as OSCP, OSEP, OSWA, OSWE, OSED, GPEN, GXPN, GWAPT, GMOB, BSCP, etc.
• Hands-on technical experience in web, mobile and infrastructure penetration testing with tools like Burp Suite Pro, SQLMap, Frida, Objection, Android Studio, Xcode, MobSF, and Drozer.
• Experience with conducting reverse engineering on mobile applications, including applications with anti-emulator and obfuscation protections.
• Familiarity and experience working with frameworks like MITRE ATT&CK/D3FEND, NIST, CCPA, COPPA, OECS, ISO, etc.
• Proven hands-on experience with programming and scripting languages (e.g., C/C++, C#, Python, Golang, JS).
Preferred Qualifications:
• Experience with automation, big data and relational databases.
• Contributions to the privacy or security community through research, publications, or participation in bug bounty programs.
• Relevant industry certifications (e.g., CIPP, CIPT, CIPM).