Offensive Cyber Research Engineer

About the Company

America is under sustained cyber attack. Our adversaries infiltrate our networks, steal our IP, and degrade the digital infrastructure that modern life runs on. They've learned-correctly-that those attacks rarely produce consequences.

Twenty was founded to change that, by making our adversaries think twice before they attack us. Our vision is American and allied primacy in cyberspace-a future where they cannot contest us, deterrence is assured, and the free world remains secure.

Founded in 2024, Twenty Technologies ( industrializes offensive cyber operations for the U.S. and its allies. Headquartered in Arlington, Virginia, Twenty has raised $38M from Caffeinated Capital, General Catalyst, and In-Q-Tel.

Twenty is seeking an exceptionally skilled Offensive Cyber Research Engineer for an in-office position in its Arlington, VA office to lead the development of sophisticated offensive cyber capabilities that defend democracies worldwide. We're looking for someone with 6-8 years of deep technical expertise in offensive cyber operations, software development, and research, combined with proven leadership experience mentoring engineers and driving strategic technical initiatives. In this role, you'll architect and lead the development of advanced attack path frameworks, establish engineering best practices for offensive tooling, mentor junior researchers, and serve as a technical authority on adversarial techniques and red team operations. You'll leverage your extensive operational background-ideally from government/military Digital Network Exploitation Analysis (DNEA), Exploitation Analyst (EA) operations, advanced penetration testing, or threat intelligence analysis-to shape the technical direction of our offensive cyber capabilities and build the next generation of cyber technologies for the United States and its allies.

Role Details
Technical Leadership & Architecture

• Lead the architecture and design of sophisticated attack path frameworks that emulate advanced persistent threat (APT) behaviors and nation-state TTPs
• Establish technical standards and best practices for offensive cyber tool development across the organization
• Evaluate and recommend engineering courses of action for new offensive capabilities and system enhancements
• Drive technical decision-making for complex offensive cyber integrations and performance optimizations
• Architect scalable, modular frameworks for attack technique automation and adversary emulation

Research & Innovation

• Conduct advanced research into emerging adversary techniques, zero-day exploitation strategies, and novel attack vectors
• Develop proof-of-concept tools and techniques that push the boundaries of offensive cyber capabilities
• Stay current with threat actor innovations and translate emerging TTPs into defensive and offensive capabilities
• Publish internal research findings and contribute to the broader cyber security research community
• Identify capability gaps and lead initiatives to develop new offensive tools and methodologies

Team Leadership & Mentorship

• Mentor and provide technical guidance to offensive cyber engineers and researchers, conducting thorough code reviews and knowledge transfer
• Lead technical discussions and facilitate strategic planning sessions for offensive capability development
• Organize research efforts and coordinate cross-functional collaboration with data engineering, backend, and intelligence analysis teams
• Establish and maintain engineering best practices, secure coding standards, and operational security procedures
• Guide junior engineers in understanding complex adversary behaviors and translating them into technical implementations

Attack Path Development & Implementation

• Design and implement advanced attack paths that emulate sophisticated adversary campaigns across multiple domains
• Create reusable, production-grade components for complex attack techniques including credential harvesting, lateral movement, and defense evasion
• Develop custom tooling and automation frameworks that operate at machine speed for large-scale adversary emulation

Data Engineering & Intelligence Integration

• Lead the design of ETL pipelines for processing threat intelligence, security logs, and operational data at scale
• Architect standardized schemas for cyber operations datasets that support graph-based analysis and AI/ML workflows
• Implement advanced data enrichment pipelines that integrate diverse threat intelligence sources
• Design efficient storage and retrieval systems for large-scale security-relevant data

Operational Collaboration

• Work closely with government customers and operational teams to understand mission requirements and capability gaps
• Translate operational feedback into technical requirements and development priorities
• Lead technical demonstrations showcasing offensive cyber capabilities to stakeholders
• Provide subject matter expertise for customer engagements and strategic planning sessions

Qualifications
Technical Skills & Experience

• 6-8 years of threat research, offensive cyber operations, and software development experience
• Expert-level operational cyber security experience in one or more of the following domains:
  
  • Digital Network Exploitation Analysis (DNEA) within U.S. Government military or intelligence organizations
  • Exploitation Analyst (EA) operations conducting advanced network exploitation and intelligence analysis
  • Advanced Penetration Testing/Red Teaming leading sophisticated offensive security assessments
  • Senior-level Threat Hunting and threat intelligence analysis in high-stakes environments
• Demonstrated technical leadership experience mentoring offensive cyber engineers and leading research initiatives
• Deep expertise in the MITRE ATT&CK framework with proven track record developing and implementing advanced adversary TTPs across multiple tactics
• Expert-level experience operating and extending industry-standard threat emulation platforms (Cobalt Strike, Metasploit, custom C2 frameworks) with proven ability to develop sophisticated custom payloads, modules, and evasion techniques
• Extensive experience integrating and analyzing diverse threat intelligence sources including commercial feeds, OSINT, and government intelligence
• Advanced proficiency in implementing sophisticated persistence mechanisms, advanced defense evasion techniques, counter-forensics, and anti-analysis methods
• Expert containerization and orchestration experience using Docker and Kubernetes for secure, scalable offensive tool deployment
• Advanced programming and software architecture skills in Python and Golang, with demonstrated ability to build maintainable, production-grade security tools and automation frameworks
• Expert-level experience writing complex graph queries and developing graph-based analytical tools using Neo4j or similar graph databases
• Comprehensive knowledge of cybersecurity across network security, application security, secure coding, cryptography, and security architecture
• Extensive practical experience in offensive cyber operations including advanced payload development, post-exploitation frameworks, command and control infrastructure, and multi-stage attack chains
• Expert knowledge of red team methodologies including campaign planning, operational security (OPSEC), adversary simulation, and realistic threat emulation based on intelligence-driven scenarios

Leadership & Communication Skills

• Proven ability to lead technical projects and mentor engineering teams
• Strong communication skills with ability to explain complex offensive techniques to diverse audiences including executives and government officials
• Experience conducting thorough code reviews and establishing development standards for security tools
• Track record of driving technical decision-making and influencing strategic direction

Education

• Bachelor's degree in Computer Science, Software Engineering, Cybersecurity, or related field; Master's degree preferred, or equivalent practical experience

Security Requirements

• Must be eligible to obtain a U.S. Government security clearance

Distinguishing Qualifications

• Previous technical leadership experience in government cyber operations units or intelligence organizations conducting DNEA or EA operations
• Experience leading offensive cyber capability development programs or research initiatives
• Track record of developing novel offensive techniques or tools adopted by operational units
• Advanced certifications such as OSCP, OSCE, OSEE, GXPN, or government-recognized advanced offensive security credentials
• Experience with AI/ML integration in offensive cyber operations and automated threat emulation
• Extensive background in malware analysis, reverse engineering, exploit development, or vulnerability research
• Experience with multi-domain intelligence analysis correlating cyber, SIGINT, ELINT, and other intelligence sources
• Publications or conference presentations on offensive cyber research or techniques
• Contributions to open-source offensive security tools or frameworks

Additional Skills

• Experience with Agile development methodologies and leading agile teams
• Advanced system architecture and design experience for large-scale security systems
• Performance optimization and scalability experience for high-throughput data processing
• Experience with cloud security (AWS, Azure, GCP) and cloud-native attack techniques
• Deep knowledge of wireless security, IoT protocols, and electromagnetic spectrum operations
• Expertise with forensics tools, incident response procedures, and defensive cyber operations
• Understanding of government acquisition processes and requirements development

Benefits
What's on the table:

• Health. Medical, dental, and vision plan options. Life / AD&D, disability coverage options.
• Family. Paid parental leave for eligible full-time employees. 12 weeks for birthing parents, 4 for non-birthing parents, 6 weeks for adoptive, foster, or intended parents through surrogacy.
• Vacation. Paid holidays and flexible PTO. Take what you need.
• Retirement. 401(k) with pre-tax and Roth options. HSA/FSA options, dependent care FSA.
• At the office. Commuter benefits. On-site garage parking. Bike storage. Building fitness center. Desk setup stipend.

Benefits vary by location, role, and eligibility. Full plan details provided during the interview and offer process.

If this role sounds like you, apply and share with us your interest.

Some positions may require eligibility to obtain a U.S. Government security clearance. Any clearance requirement will be listed in the role description.

Twenty is an equal opportunity employer. We consider all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, veteran status, disability, or any other protected status.

If you need a reasonable accommodation during the hiring process, let us know and we will work with you.