Experience: 6+ years
Notice Period: Immediate to 15 days
Location: Gurgaon
Skill Set:
- Experience with threat intelligence and threat modelling.
- Familiarity with security compliance and regulatory frameworks like PCI-DSS, HIPAA, and SOC2.
- Ability to design and implement red team strategies and methodologies.
- Experience in conducting social engineering and phishing campaigns.
JD:
We are looking for an experienced Level 3 Red Team Lead to fortify our cybersecurity defences by simulating sophisticated cyber-attacks and leading penetration testing efforts. The successful candidate will spearhead red team operations, identify security weaknesses, and collaborate with teams to enhance our security posture.
Key Responsibilities:
- Lead and execute advanced penetration testing and red team operations, targeting network, application, and cloud environments.
- Develop and implement red team exercises to simulate real-world attack scenarios.
- Perform in-depth vulnerability assessments and manage remediation efforts.
- Identify and exploit security vulnerabilities using both automated tools and manual techniques.
- Collaborate with blue teams and incident response to improve detection and response strategies.
- Translate findings into clear remediation playbooks (patch/config/hardening/compensating controls) with prioritized backlogs per platform.
- Champion risk-based prioritization using threat intel (e.g., KEV, EPSS), exploit maturity, exposure paths, and asset criticality.
- Provide hardening feedback to endpoint, identity, network, and cloud architects; co-design preventive controls and guardrails.
- Partner with EDR/XDR/SIEM teams to create/validate detections and analytic rules; integrate findings with ticketing/CMDB/GRC for continuous validation.
- Drive automation for scan orchestration, deduplication, and validation (e.g., pre/post-remediation checks, CI/CD hooks for security tests).
- Mentor and guide red team members, providing training and development opportunities.
- Stay ahead of emerging cybersecurity threats, tactics, and procedures to continuously improve red team methodologies.
- Produce executive-level summaries and deep technical reports with clear risk framing, exploit chains, and remediation timelines.
Qualifications:
- Bachelor's degree in Computer Science, Information Security, or a related field. A master's degree is preferred.
- 5+ years of experience in penetration testing, red teaming, or advanced threat emulation.
- In-depth knowledge of network, cloud, and application security.
- Proficiency with penetration testing frameworks and tools such as Metasploit, Cobalt Strike, and Burp Suite.
- Advanced certifications such as OSCP, OSCE, OSEE, or equivalent are highly recommended.
- Strong scripting and programming skills (Python, PowerShell, Bash).
- Excellent analytical, problem-solving, and critical-thinking skills.
- Exceptional communication skills, capable of conveying complex security issues to diverse audiences.