Job Description: We are looking for a highly skilled and experienced Senior Red Teaming/Offensive Security Consultant to lead and execute offensive security engagements, simulate real-world attacks, and collaborate closely with defensive teams to strengthen security posture.
Responsibilities:
- Plan, scope, and lead internal Red Teaming operations, ensuring the involvement of all key project stakeholders.
- Execute red team engagements focusing on testing and bypassing defensive mechanisms across corporate networks, web applications, and infrastructure (Windows/Linux).
- Develop detailed adversary emulation and simulation plans to continuously assess and challenge security defences.
- Conduct in-depth security assessments of corporate critical infrastructure, Active Directory environments, and cloud (Azure/AWS/O365) deployments.
- Build custom tools, scripts, and methodologies to enhance internal red team capabilities.
- Develop detailed reports highlighting engagement outcomes, observations, and remediation steps in appropriate language and style for different stakeholders.
- Collaborate closely with the Blue Team to discuss findings, remediation strategies, and opportunities for enhancing detection and response mechanisms.
- Perform offensive security assessments of firewalls, security groups, and security configurations within cloud environments.
- Conduct penetration tests across web, mobile, and cloud applications, including exploit development for proof-of-concept demonstrations.
- Utilize adversarial techniques like OSINT, phishing, lateral movement, and post-exploitation to assess the effectiveness of organizational defences.
- Mentor junior staff members and provide leadership during engagements from scoping through remediation.
- Research and develop new offensive security techniques and internal tooling.
Actively contribute to the security community through talks, CTFs, and related engagements.
Qualifications (Knowledge, Skills, and Abilities):
- Bachelor's degree in computer science or related field (or equivalent work experience).
- Extensive hands-on experience in red teaming, adversary emulation, or penetration testing.
- Expertise in scripting languages (Python, Go, Ruby, PowerShell) for automation of attacks and tool development.
- Strong understanding of cloud security vulnerabilities, including AWS, Azure, and GCP, and best practices for securing cloud environments.
- Deep knowledge of network protocols, operating systems (Windows, Linux), web/mobile applications, and encryption mechanisms.
- Familiarity with offensive security tools like Cobalt Strike, Metasploit, Burp Suite, Empire, Nmap, and various C2 frameworks.
- Experience working with commercial or open-source adversary emulation platforms.
- Understanding of security frameworks such as MITRE ATT&CK, OWASP Top 10, and NIST.
- Strong analytical, problem-solving, and communication skills with the ability to present technical concepts and remediation steps clearly.
Participation in security community events, CTF competitions, or publications.
Preferred Certifications:
- CRTO, OSCP, CREST, GXPN, GPEN, or relevant cloud security certifications.
