Principal Penetration Testing Engineer

AXS connects fans with the artists and teams they love. Each year we sell millions of tickets to thousands of incredible events - from concerts and festivals to sports and theater - at some of the most iconic venues in the world. Since our founding in 2011, we've consistently pushed the industry forward and improved experiences for fans, making it easier than ever to discover events, find the perfect seats, and enjoy unforgettable live entertainment, and we continue to lead the evolution of our industry today.

We're passionate about improving the fan experience and providing game-changing solutions for our clients, and we're always looking for smart, motivated people to help make it happen. Bring your enthusiasm, your big ideas, and your desire to team up with some of the best and brightest in technology and entertainment.

The Role

AXS is seeking aPrincipal Penetration Testing Engineer to join our offensive security program and active adversary intervention capabilities. This is not a standard penetration testing role-you'll architect and execute sophisticated adversary emulation campaigns, hunt live threats in production environments, and bridge the gap between offensive and defensive security through purple team operations.

In this role, you'll think simultaneously as attacker and defender, leading engagements that test not just our technical controls but our people, processes, and detection capabilities. You'll work directly with incident response teams during active breaches, applying offensive tradecraft to reconstruct attack paths, predict adversary next moves, and validate remediation effectiveness. You'll also help shape our security strategy at the highest levels, presenting to executive leadership and driving organization-wide security initiatives. You will work on consumer-facing and B2B applications that can scale and handle high demand, as well as complex enterprise systems that meet our global needs.

What you will do

Security Operations & Tooling - Planning, Creation and Refinement

• Design complex red team operations spanning weeks or months, operating covertly to test detection and response capabilities across the entire kill chain.
• Build and maintain sophisticated C2 infrastructure with multi-layer redirectors, domain fronting, and encrypted covert channels
• Create comprehensive adversary emulation playbooks that defensive teams can use for tabletop exercises and detection validation
• Develop custom tooling, exploits, and evasion techniques to bypass modern security controls (EDR, SIEM, DLP, next-gen firewalls)
• Develop and refine detection engineering rules based on offensive TTPs, ensuring blue teams can identify sophisticated adversary behavior

Facilitation and Execution

• Facilitate purple team exercises bringing red and blue teams together for collaborative security validation and continuous improvement:
• Lead adversary emulation campaigns based on real threat actor TTPs, mapping all activities to MITRE ATT&CK and ensuring realistic simulation of APT groups targeting our industry

Security Operations Threat Hunting

• Conduct proactive threat hunting campaigns leveraging hypothesis-driven investigation, behavioral analytics, and threat intelligence
• Conduct zero-day research and vulnerability discovery through fuzzing, patch analysis, and novel attack surface exploration
• Test detection capabilities against realistic attack scenarios, identifying blind spots and tuning security controls for higher fidelity

Cyber Incident Response

• Provide expert advice on eviction operations, coordinating simultaneous remediation across compromised systems while preventing adversary reinfection
• Engage live adversaries in controlled scenarios to gather intelligence, understand objectives, and develop containment strategies
• Serve as cyber security subject matter expert during active security incidents, applying offensive expertise to threat hunting, attack path reconstruction, and adversary prediction

What you will bring:

• BS in Computer Science or 10 years full-time experience in a computer science role in lieu of a degree.
• 15+ years in information security with at least 5 years in offensive security roles (red team, penetration testing, exploit development)
• 5+ years in incident response, threat hunting, or defensive security operations demonstrating deep understanding of detection and defensive capabilities
• Proven track record leading complex red team engagements against Fortune 500 or similarly complex enterprise environments
• Experience serving as technical subject matter expert or incident manager during active security incidents involving sophisticated adversaries
• Demonstrated expertise conducting adversary emulation campaigns
• Nice to have: Background in security research with published CVEs, conference talks (DEFCON, Black Hat, BSides), or security tool contributions (public or private)
• Nice to have: Experience with Git and CI/CD Security Practices
• Nice to have: Experience with event-driven technologies, e.g. Kafka
• Nice to have: Experience using NOSQL databases such as Elasticsearch or AWS DynamoDB
• Nice to have: Experience in the ticketing industry, inventory management systems or e-commerce

Pay Scale: $180,000 - $225,000

Bonus:This position is eligible for a bonus under the current bonus plan requirements.

Benefits: Full-time: We offer a comprehensive benefits package that includes: medical, dental and vision insurance, paid holidays, vacation and sick time, company paid basic life insurance, voluntary life insurance, parental leave, 401k Plan (with a current employer match of 3%), flexible spending and health savings account options, and wellness offerings. Currently, full time employees are eligible for these benefits on the first day of employment.

*Employer does not offer work visa sponsorship for this position.

What's in it for You?

• Extraordinary People - we're not kidding!
• Meaningful Mission- Helping revolutionize an industry and deliver better experiences for fans and clients around the world.
• Development and Learning - Opportunities for learning and leveling up through training and education reimbursement.
• Community & Belonging- A range of Employee Resource Groups (ERGs) that foster connection, inclusion, and professional growth. Access to meaningful volunteer opportunities and community engagement programs to make a positive impact beyond the workplace.

More about AXS

AXS,a subsidiary of AEG, sells millions of tickets each year for 1600+ premier venues, sports teams, and event organizers across North America, Europe, Asia, Australia and New Zealand. Headquartered in Downtown Los Angeles, California,AXS employs more than 900 professionals in multiple locations worldwide. In each location you'll find a team of dedicated, diverse employees (we've dubbed ourselves "Fanatix") who create groundbreaking products and services in a fun, fast-paced environment.

More about AEG

For more than 20 years, AEG has played a pivotal role in transforming sports and live entertainment. Annually, we host more than 160 million guests, promote more than 10,000 shows and present more than 22,000 events around the world. We are committed to innovation, artistry, and community, and leverage the power of our 300+ venues, leading sports franchises, marquee music brands, integrated entertainment districts, premier ticketing platform and global sponsorship activations, to create memorable moments that give the world reason to cheer.

Our business is interwoven with the human mind and heart, and we strive to build a diverse and inclusive company that reflects the artists, athletes, and fans that we host; reach beyond traditional boundaries to support the communities in which we operate; and minimize our impact on the environment by adopting sustainable practices throughout our business operations.

We are dedicated to a diverse, inclusive and authentic workplace, so if you're excited about this role but can't "check every box" in the job description, we encourage you to apply anyway. You may be the right candidate for this or other roles.

AEG reserves the right to change or modify the employee's job description whether orally or in writing, at any time during the employment relationship. AEG may require an employee to perform duties outside their normal description.

AEG's policy is to hire the most qualified applicants, and we comply with all applicable federal, state and local employment laws in making hiring and employee decisions. We are an equal opportunity employer and do not discriminate against applicants or employees on the basis ofrace, color, marital status, disability, religion, age, sex, sexual orientation, national origin, genetic information, veteran status, or any other legally protected status recognized by applicable federal, state or local law.

#LI-Hybrid