NopalCyber makes cybersecurity manageable, affordable, reliable, and powerful for companies that need to be resilient and compliant. Managed extended detection and response (MXDR), attack surface management (ASM), breach and attack simulation (BAS), and advisory services fortify your cybersecurity across both offense and defense. AI-driven intelligence in our Nopal360 platform, our NopalGo mobile app, and our proprietary Cyber Intelligence Quotient (CIQ) lets anyone quantify, track, and visualize their cybersecurity posture in real-time. Our service packages, which are each tailored to a client's needs and budget, and external threat analysis, which provides critical intelligence, help to democratize cybersecurity by making enterprise-grade defenses and security operations available to organizations of all sizes. NopalCyber lowers the barrier to entry while raising the bar for security and service.
We are seeking a highly skilled and motivated Red Team Specialist to join our cybersecurity team. As a Red Team Specialist, you will simulate adversarial attacks on our organization's infrastructure, applications, and systems to identify vulnerabilities and provide actionable recommendations for improving overall security posture. You will work closely with the security operations and incident response teams to help strengthen our defenses by emulating real-world threat actor tactics and techniques.
Key Responsibilities:
- Adversarial Simulations: Plan and execute red team engagements to simulate real-world adversary attacks, including network infiltration, social engineering, web application exploitation, and physical security testing.
- Vulnerability Assessment: Identify vulnerabilities in the organization's infrastructure, applications, and networks by conducting simulated attacks, including penetration testing and security assessments.
- Threat Emulation: Develop and simulate advanced persistent threats (APTs), insider threats, and other sophisticated adversary tactics, techniques, and procedures (TTPs) to evaluate defense mechanisms.
- Collaboration: Work closely with other cybersecurity teams, such as blue teams (defensive security) and incident response, to enhance the security posture of the organization through proactive threat identification and remediation.
- Security Improvement Recommendations: Provide detailed reports and recommendations after each red team engagement, ensuring that identified vulnerabilities are addressed and mitigated in a timely manner.
- Exploit Development: Design and develop proof-of-concept exploits to demonstrate the feasibility of identified vulnerabilities.
- Social Engineering: Perform social engineering assessments, including phishing campaigns, pretexting, and physical security assessments to evaluate an organization's susceptibility to human factors in security.
- Incident Reporting: Document findings and vulnerabilities in a clear, concise manner and present them to stakeholders, including executives, technical teams, and IT staff, in both written and verbal formats.
- Continuous Learning: Stay current with the latest cybersecurity threats, tools, techniques, and industry best practices to continuously improve the red team's effectiveness.
- Tool Utilization and Development: Use commercial and open-source tools to conduct red team operations. Additionally, develop custom scripts or tools to facilitate specific attack scenarios.
Qualifications:
- Education: Bachelor's degree in Computer Science, Information Security, or related field, or equivalent work experience.
Experience:
- 3+ years of experience in offensive security, penetration testing, or red teaming.
- Experience with conducting and leading red team exercises, vulnerability assessments, and penetration tests.
- Strong understanding of security concepts, network protocols, operating systems (Linux, Windows, macOS), and web application security.
Certifications:
- Certified Red Team Expert (CRTE)
- Offensive Security Certified Professional (OSCP)
- Certified Ethical Hacker (CEH) - Preferable
- GIAC Penetration Tester (GPEN) - Preferable
- Certified Information Systems Security Professional (CISSP) - Preferable
Technical Skills:
- Proficiency in programming/scripting languages such as Python, Bash, PowerShell, or others.
- Experience with red team tools (e.g., Cobalt Strike, Metasploit, Burp Suite, Nmap, etc.).
- Familiarity with attack simulation platforms, threat emulation frameworks (e.g., MITRE ATT&CK).
- Strong knowledge of attack methodologies and the tactics, techniques, and procedures (TTPs) of advanced persistent threats (APTs).
Soft Skills:
- Strong analytical and problem-solving skills.
- Ability to communicate complex technical findings to both technical and non-technical stakeholders.
- Strong attention to detail and ability to work independently or as part of a team.
- Proactive, self-motivated, and eager to learn new security techniques and technologies.
