Red Team Analyst - L1

Job Title:

Red Team Analyst (L1)

Location:

Mumbai / Onsite

Department:

VAPT / Red Team

Job Overview:

We are looking for an entry-level to junior Red Team Analyst (L1) who will support the delivery of Red Teaming as a Service (RTaaS) engagements. The role focuses on executing defined attack techniques, performing reconnaissance, assisting in adversary simulations, and supporting modular red team services such as External Red Teaming, Assumed Breach simulations, Web/API exploitation, Social Engineering, and Cloud attack scenarios.

This position is designed to build strong hands-on foundations in real-world offensive security under the guidance of L2/Senior resources.

Key Responsibilities

Red Team Operations

• Assist in executing RTaaS engagements across multiple service modules.
• Perform external and internal reconnaissance, OSINT, and attack surface mapping.
• Support initial access activities such as:
• Basic phishing simulations
• Password spraying and credential attacks
• Exploitation of known vulnerabilities in web and network services
• Assist in External Red Teaming scenarios including network, web, and wireless attack simulations.
• Support Internal Red Teaming (Assumed Breach) operations under supervision.

Post-Exploitation Support

• Assist in:
• Privilege escalation attempts
• Lateral movement within networks
• Credential harvesting
• Basic persistence techniques
• Execute controlled exploitation steps as directed by L2 resources.

Adversary Emulation

• Understand and apply MITRE ATT&CK techniques during engagements.
• Execute assigned attack steps within defined adversary simulation scenarios.
• Maintain strict OPSEC and adhere to Rules of Engagement (ROE).

Tooling & Execution

• Use red team tools such as:
• Nmap, Metasploit, Burp Suite
• CrackMapExec, BloodHound (basic usage)
• Basic interaction with C2 frameworks (payload execution, beacon handling)
• Assist in setting up basic attack infrastructure:
• Phishing kits
• Payload hosting
• Simple redirectors

Service Delivery Exposure

• Support RTaaS service modules such as:
• External Network & Web Red Teaming
• Internal Assumed Breach simulations
• Social Engineering campaigns
• Cloud misconfiguration exploitation (basic level)

Reporting & Documentation

• Document:
• Identified vulnerabilities
• Exploited attack paths
• Evidence such as screenshots, logs, and command outputs
• Assist L2 resources in preparing final reports and remediation validation.

Required Qualifications

Education

• Bachelor's degree in computer science, Information Security, or related field (preferred).

Experience

• 01+ years of experience in Red Teaming, VAPT, or Offensive Security.
• Strong interest in adversary simulation and real-world attack methodologies.

Technical Skills (Required)

Basic to intermediate understanding of:

• Networking fundamentals (TCP/IP, DNS, HTTP/S)
• Windows and Linux operating systems
• Active Directory fundamentals
• OWASP Top 10 vulnerabilities

Familiarity with:

• MITRE ATT&CK framework
• Basic red team methodologies and engagement processes

Hands-on exposure to:

• Vulnerability scanning and basic exploitation
• Password attacks (bruteforce, spraying, dictionary attacks)
• Simple privilege escalation techniques

Nice to Have / Preferred

• Basic knowledge of:
• Active Directory attacks (Kerberoasting, AS-REP Roasting awareness level)
• Phishing tools and frameworks
• Cloud security testing concepts
• Scripting basics:
• Python, Bash, or PowerShell
• Exposure to CTFs and labs (HTB, TryHackMe, VulnHub).

Certifications (Preferred, Not Mandatory)

• CEH
• eJPT
• PNPT (Junior level)
• CRTO (Beginner exposure)