Cyber Security Expect L3

Cybersecurity Manager

RedTeam Specialist / Penetration Testing

• Plan, design, and execute red/purpleteam engagements to simulate APT-style real-world attacks
  
• Conduct comprehensive penetration tests across web applications, networks (AD, APIs), cloud, mobile, and OT/ICS environments
  
• Perform full-stack post-exploitation: lateral movement, privilege escalation, persistence, and credential harvesting
  
• Execute physical and social-engineering exercises (phishing, vishing, physical intrusion)
  
• Develop and customize attack tools, shellcode, payloads, and scripts
  
• Collaborate with Blue Team to tune defensive controls and carry out purple team activities
  

BlueTeam Analyst / Defensive Security

• Monitor, analyze, and respond to security alerts; perform incident detection, containment, and response
  
• Hardening systems: patching, firewalls, endpoint protections; enforce policy compliance .
  
• Tune SIEM/IDS/IPS tools based on insights from offensive testing reddit.com.
  
• Participate in incident response drills and threat-hunting exercises .
  
• Conduct post-mortems and refine detection and response plans.
  

DevSecOps Engineer

• Integrate automated security checks (SAST, DAST, IaC, dependency scanning) into CI/CD pipelines
  
• Build security-as-code: policies, container security, image scanning, secrets management.
  
• Automate vulnerability scanning and remediation workflows
  
• Collaborate with development/devops to embed security into the SDLC
  
• Monitor runtime environments and respond to security issues in production.
  

Education & Experience

• Bachelor's in Computer Science, Cybersecurity, or related field (Masters preferred)
  
• 3–7+ years in cybersecurity covering pentesting, red/purple teaming, blue team operations, and DevSecOps integration.
  

Technical Skills & Tools

• Offensive toolkits: Metasploit, Burp Suite, Nmap, Nessus, Cobalt Strike, Empire/Sliver, GoPhish, Mimikatz,
  
• Defensive tools: SIEM/IDS/IPS platforms, endpoint security suites.
  
• Programming/Scripting: Python, PowerShell, Bash, plus C/C++, JavaScript
  
• Security frameworks: OWASP, MITRE ATT&CK, NIST, TIBER, ISO 27001, PCI, GDPR compliance.
  
• Cloud & container: AWS/Azure/GCP, Docker/K8s security
  
• OS expertise: Windows, Linux, macOS, Active Directory, network infrastructure .
  

Certifications

• Offensive: OSCP, OSCE, GPEN, CRTP, CRTO, CEH, PenTest+, GXPN
• Defensive/Compliance: CISSP, Security+, GCIH, CySA+, CCSP
  

Soft Skills

• Analytical, creative, and adversarial mindset.
  
• Excellent communicator: technical details for engineers, executive summaries for leadership .
  
• Ethical integrity, discretion, and able to handle sensitive tasks.
  
• Collaborative; experience mentoring junior staff.
  
• Passion for continuous learning and staying current with emerging threats