Dauch is looking for a Cybersecurity Engineer to join our team in Detroit, MI.
The Cybersecurity Engineer is responsible for leading and executing technical assessments to identify, analyze, and mitigate threats and vulnerabilities within Dauch's IT and OT environments. This role is pivotal to the Red Team, involving the conduct of penetration tests, adversary emulation, and other offensive security assessments.
Plans and performs Red Team penetration testing engagements, vulnerability assessments, and threat simulations against enterprise networks, cloud infrastructure, and OT systems.
Leads technical risk assessments, including vulnerability scanning, exploit validation, and attack path enumeration.
Coordinates and validates third-party penetration tests and Red Team exercises.
Analyzes risk across systems and applications; reports findings and provides actionable remediation guidance to stakeholders.
Supports the threat and vulnerability management lifecycle, including prioritization, remediation tracking, and threat modeling.
Collaborates with defensive security teams (Blue Team) on Purple Team exercises to improve detection and response capabilities.
Investigates real-world security incidents, performs root cause analysis, and contributes to threat hunting efforts.
Conducts attack surface mapping, threat intelligence enrichment, and tool evaluations to support proactive cyber defense.
Automates assessment tools, processes, and reporting mechanisms where feasible.
Participates in regular on-call rotation for global security incident support.
Provides weekly metrics and reporting to senior IT and security leadership.
Documents and maintains Red Team methodologies, tools, and engagement playbooks.
All other duties as assigned.
Bachelor’s Degree in Information Security, Computer Science, or related field.
1-3+ years of experience in cybersecurity, with familiarity with red teaming, offensive security, or penetration testing.
Proficiency in tools such as Cobalt Strike, Metasploit, Burp Suite, Kali Linux, and scripting (Python, PowerShell, Bash).
Deep knowledge of Windows and Linux internals, networking protocols, Active Directory attacks, and cloud (Azure, AWS) attack vectors.
Relevant certifications (e.g., OSCP, OSCE, CRTO, GPEN, GXPN, CISSP) preferred.
Strong communication and report-writing skills, including delivery of technical results to non-technical audiences.
Ability to work independently and manage multiple concurrent security projects.
