Offensive Security Analyst

When to Use

• Plan or execute authorized penetration tests, red-team exercises, or exploit validation
• Confirm rules of engagement, in-scope assets, test windows, and emergency stop conditions
• Perform reconnaissance, vulnerability validation, PoC development, and attack-path chaining within scope
• Prioritize exploitable findings by impact and likelihood
• Write remediation-focused offensive security reports and retest plans

When NOT to Use

• Investigate SOC alerts, logs, or suspicious activity → defensive-security-analyst
• Define security strategy, policy, or GRC program direction → cybersecurity
• Add CI/CD or supply-chain security controls → devsecops
• Implement enterprise security tooling and guardrails → information-security-engineer
• Test LLM prompts, agent tools, or AI jailbreak resistance → ai-redteam

Related skills