Role: Lead Red Team Engineer / Offensive Security Specialist
Job Summary
We are looking for a seasoned Offensive Security professional to lead and execute sophisticated Red Team engagements. The ideal candidate will simulate real-world cyber-attacks to test the resilience of our enterprise defenses, identify detection gaps, and collaborate with Blue Teams to harden our security posture.
Key Accountabilities (Duties & Responsibilities)
- Adversary Simulation: Plan and execute end-to-end Red Team engagements simulating real-world threat actors, attack paths, and tactics aligned with the MITRE ATT&CK framework.
- Advanced Penetration Testing: Conduct deep-dive security assessments across web applications, APIs, mobile apps, internal/external networks, and cloud environments.
- Social Engineering: Design and execute authorized simulations, including phishing and pretexting, to evaluate the human element of security.
- Exploitation & Lateral Movement: Perform advanced privilege escalation, lateral movement, and post-exploitation activities within controlled environments.
- Defensive Validation: Validate the effectiveness of security controls such as EDR, SIEM, SOAR, WAF, and IAM; provide actionable feedback to Blue and Purple teams.
- Tooling & Automation: Set up, customize, and enhance Red Team lab infrastructure. Develop or modify custom scripts, payloads, and exploits to bypass modern security controls.
- Threat Intelligence Integration: Develop attack scenarios based on current global threat updates and business-specific risks.
Technical Knowledge & Expertise
- Frameworks: Mastery of the MITRE ATT&CK Framework and Cyber Kill Chain.
- Offensive Tooling: Expert-level proficiency with tools like Cobalt Strike, Metasploit, Burp Suite, Nmap, BloodHound, CrackMapExec, PowerSploit, Mimikatz, and Impacket.
- Infrastructure Security: Deep experience in Active Directory security testing, authentication service exploitation, and OSINT gathering.
- Programming & Scripting:
  - Scripting: Python or PowerShell for utility and tool development.
  - Programming: Knowledge of C / C++ for exploit modification.
- Systems & Networking: Strong understanding of system internals, OSI layers, and complex application architectures.
Key Attributes (Experience & Qualifications)
- Education: BE/B.Tech/ME/M.Tech/MCA/MS from a reputed/recognized institute.
- Experience:
  - 8-12 years of total experience in IT or Information Security.
  - At least 4-5 years of dedicated experience in Penetration Testing / Ethical Hacking / Red Teaming.
- Certifications: Mandatory offensive security certifications such as OSCP, OSCE, CRTP, CRTE, or CEH.
- Standards: Thorough knowledge of global Information Security standards and penetration testing methodologies.