Senior Red Teamer

Nelnet is a diversified and innovative company committed to enriching lives through the power of service as a student loan servicer, professional services company, consumer loan originator and servicer, payments processor, renewable energy solutions, and K-12 and higher education expert.  For over 40 years, Nelnet has been serving its customers, associates, and communities.

The perks of working at Nelnet go beyond our benefits package. When you join the Nelnet team, you're part of a community invested in the success of each individual. That support comes through in our work, as we are united by our mission of creating opportunities for people where they live, learn, and work.

Nelnet's Senior Red Teamers are responsible for planning and executing full-scope offensive security engagements that simulate advanced persistent threats against the enterprise. This role encompasses end-to-end red team engagement lifecycle ownership, custom tooling development, and the advancement of internal TTPs to reflect the current threat landscape. The Senior Red Teamer serves as a technical authority within the Offensive Operations team, providing mentorship and technical guidance to junior practitioners and contributing to the maturation of the Red Team program.

This is an individual contributor role with technical leadership responsibilities; it does not include direct reports or people management.

** Job Description*
* + Own and contribute to the full lifecycle of red team engagements - including scoping, rules of engagement definition, threat modeling, operational planning, execution, deconfliction, and post-engagement reporting - across external network, assumed breach, and purple team scenarios. Ensure engagements are structured, documented, and executed in alignment with program standards and organizational risk appetite

+ Conduct advanced penetration testing and adversary simulation across all technical and physical attack surfaces, including web applications, APIs, servers, network infrastructure, cloud environments (IaaS, SaaS, PaaS), Windows Active Directory, mobile applications, and physical access controls. Apply real-world attacker techniques and scenario-based targeting to maximize engagement fidelity and operational value.

+ Develop and maintain custom offensive tooling, exploits, payloads, and evasion techniques to support engagements and reduce reliance on commodity or signature-based tooling. Maintain awareness of current defensive countermeasures and adapt tooling accordingly to reflect realistic threat actor behavior.

+ Research and operationalize current and emerging threat actor TTPs, tracking adversary tradecraft across open-source intelligence, threat reports, and industry research. Translate findings into engagement scenarios, attack chains, and internal playbooks that reflect the threat landscape relevant to Nelnet's business and industry.

+ Provide technical mentorship and guidance to junior red team practitioners - including work review, knowledge transfer, and participation in internal training, documentation, and skills development initiatives. Contribute to team capability growth through consistent, structured technical engagements with less senior staff.

+ Collaborate with blue team, SOC, and defensive stakeholders to validate detection and response capabilities, support purple team exercises, and deliver actionable feedback on detection gaps, alert fidelity, and defensive control effectiveness. Approach these engagements with a shared-outcome mindset that improves the organization's overall security posture.

+ Author technically rigorous, well-structured reports that document engagement objectives, methodology, findings, attack paths, and evidence, with clear risk ratings and prioritized remediation guidance. Produce executive-level summaries that convey security risk in business-relevant terms without sacrificing technical accuracy.

+ Contribute to the development and ongoing refinement of red team program materials - including engagement frameworks, methodology documentation, internal playbooks, and capability roadmaps - to support program maturity, consistency, and scalability over time.

+ Prepare and deliver briefings on red team findings and program activity, and security risk to technical leads, security leadership, and executive stakeholders as appropriate. Communicate complex offensive security concepts clearly and with appropriate context for each audience.

** Education*
* Knowledge equivalent to the completion of a Bachelor's degree in Computer Science, Information Security, or a related field of study - or equivalent demonstrated professional experience.

** Experience*
* + 5-8 years of hands-on experience in a penetration testing or red team role, or equivalent offensive security experience

+ Demonstrated experience leading red team engagements across multiple domains (network, cloud, Active Directory, web applications, physical)

+ Demonstrated experience developing custom offensive tooling,…