Damia Group

Sodexo-Offensive Cyber Security Engineer

Damia Group  •  Porto, PT (Hybrid)  •  3 months ago
Expired

Job Description

Sodexo is currently hiring an Offensive Cyber Security Engineer to join their amazing team.
About the company: Sodexo is a global leader in quality of life services, founded in France in 1966. The company operates in over 50 countries, offering a wide range of services that include:
  • On-site Services: Catering, cleaning, maintenance, and facilities management.
  • Benefits & Rewards Services: Meal cards, gift cards, mobility solutions, and employee benefits.
  • Personal & Home Services: Concierge, home care, and childcare (less prominent).
Sodexo focuses on improving quality of life for employees, students, patients, and others across various sectors, including corporate offices, schools, healthcare, defense, and remote sites.

Sodexo in Portugal
Sodexo has been present in Portugal since 1996.
Core Services:
  • Employee Benefits & Rewards: Well known for offering meal cards like Sodexo Refeição Pass, as well as gift cards and fuel cards.
  • On-site Services: Catering and facilities management in corporate, healthcare, and educational environments.
Key Clients: Includes multinational corporations, public institutions, and local businesses.
Mission in Portugal: Helping improve employee well-being and organizational performance through tailored workplace and benefits solutions.
About the role/What you'll do:
As an Offensive Cyber Security Engineer, you will join Sodexo’s Global Information Cyber Security team, operating within the internal Security Architecture & Engineering function. In this highly technical role, you will act as an ethical attacker, continuously identifying, validating, and helping remediate critical risks across Sodexo’s global cloud, application, and corporate environments.
Your work blends advanced threat modeling with full‑scope red team operations and real‑world adversary emulation.
Your responsibilities include:
1. Threat Modeling & Security Analysis
  • Lead structured threat modeling using STRIDE, attack trees, MITRE ATT&CK mapping.
  • Analyze new features, applications, and architectural changes in collaboration with global/local engineering teams.
2. Red Team & Breach Simulation Operations
  • Plan and execute sophisticated red team engagements and breach & attack simulation (BAS) campaigns.
  • Conduct persistent, stealthy operations resembling advanced threat actors.
  • Execute assume‑breach scenarios across endpoints, cloud workloads, identities, and external attack surfaces.
  • Perform physical, social engineering, and hybrid attacks when required.

3. Cloud Migration & Workload Security
  • Assist regions/BUs in migrating and deploying workloads to Sodexo public cloud environments.
  • Analyze business and IT requests impacting cloud security and propose mitigation measures.
4. Adversary Emulation & Tooling Development
  • Run automated and manual adversary emulation using tools like Covenant, Sliver, Cobalt Strike, Caldera, Infection Monkey, Stratus Red Team, Atomic Red Team.
  • Develop custom tools, payloads, and C2 infrastructure to bypass EDR/XDR and cloud-native detections.

5. Remediation Guidance & Detection Engineering Support
  • Deliver actionable remediation guidance and collaborate directly with blue teams.
  • Contribute to detection engineering by producing threat intelligence, detection logic, and attack playbooks.
  • Track the evolving attack surface and organizational crown jewel exposure.
6. Leadership & Mentorship
  • Mentor junior offensive security team members.
  • Raise offensive security awareness across Sodexo.
Education & Experience
  • BS in Computer Science, Information Security, or equivalent (MS preferred).
  • 5+ years of hands‑on offensive security experience (red teaming, penetration testing).
  • Proven experience leading full‑scope red team operations, especially in Azure environments.
  • Fluent English and French (Plus)
Technical Skills
  • Deep understanding of threat modeling methodologies (STRIDE, attack trees, MITRE ATT&CK).
  • Strong scripting/development skills: Python, Go, PowerShell, Bash.
  • Experience creating/redesigning offensive security tooling.
  • Proficiency with C2 frameworks: Cobalt Strike, Sliver, Covenant.
  • Deep knowledge of Kubernetes, IAM, CI/CD security, and modern application architectures.
  • Strong OSINT, social engineering, and physical security attack capabilities.

Soft Skills
  • Strong interpersonal and communication skills.
  • Ability to influence and collaborate with stakeholders at all organizational levels.
  • Strong analytical thinking and problem-solving mindset.

What They Offer
  • Career growth path within 12–24 months.
  • Performance bonus (up to 2 monthly salaries).
  • Health insurance for employee + family, and life insurance.
  • 24 days of annual leave.
  • Access to training platform with 7,000+ courses.
About Damia Group

Damia Group is a trusted talent solutions partner with over 30 years of experience supporting security-cleared environments, including defence, government, space, and aerospace.

We work closely with the UK’s leading prime suppliers, delivering high-quality staff augmentation and SOW-based project solutions across major technology and transformation programmes. Our long-standing client relationships are built on reliability, compliance, and a deep understanding of complex project demands.

With an actively managed network of specialist professionals, we connect the right talent to critical programmes quickly and effectively.

Our tailored approach and sector knowledge help organisations modernise their technology, strengthen security, streamline operations, and deliver business-critical transformation projects across both the public and private sectors.

If you need support in building an agile, blended workforce to deliver your business-critical transformation projects, get in touch with us today.

Industry
IT & Software
Company Size
51-200 employees
Headquarters
Guildford, GB
Year Founded
1995