Job Summary:
We are looking for an experienced Senior Engineer – Information Security to lead and manage our red team operations. The ideal candidate will be responsible for conducting advanced red teaming assessments, managing and mentoring the red team, coordinating with cross-functional teams including Purple, Blue, and ASR teams, and driving the organization’s offensive security initiatives to identify and mitigate vulnerabilities effectively.
Key Responsibilities:
- Lead Red Team Exercises: Lead and perform red teaming exercises, including penetration testing, vulnerability assessments, and exploitation across systems, networks, applications, and cloud environments.
- Hands-on Assessments & Validation: Conduct hands-on red teaming assessments and validate the quality and effectiveness of team deliverables.
- Attack Strategy Development: Develop and execute sophisticated attack strategies, leveraging social engineering, phishing, exploitation of vulnerabilities, and network manipulation.
- Cross-Functional Coordination: Supervise and collaborate with Purple Team, Blue Team, ASR Team, and other stakeholders to enhance detection, response, and remediation capabilities.
- Team Management & Productivity: Mentor, manage, and monitor the productivity of the red team; foster effective communication and maintain a collaborative, efficient working environment.
- Custom Exploit Development: Design and develop custom exploits, payloads, and automation scripts to test security controls and simulate realistic adversarial tactics.
- Vendor & Stakeholder Management: Manage relationships with third-party red teaming vendors, oversee engagements, and ensure alignment with organizational goals and compliance requirements.
- Simulation Tools Expertise: Utilize Breach and Attack Simulation (BAS), CART, Cobalt Strike, Metasploit, and custom scripting to simulate advanced threat scenarios.
- Post-Engagement Reporting: Review and produce detailed, clear, and actionable reports documenting findings, risk assessments, and remediation recommendations for technical and non-technical audiences.
- Issue Resolution & Escalation: Handle escalations proactively and ensure timely resolution of security issues while keeping management informed.
- Continuous Learning: Stay updated with emerging threats, new offensive security tools, frameworks (MITRE ATT&CK), and industry best practices to continuously enhance team capabilities.
Qualifications and Experience:
- Bachelor’s or Master’s degree in Computer Science, Cybersecurity, Information Technology, or a related field, or equivalent experience.
- 4+ years of experience in offensive security, red teaming, penetration testing, or related roles, including team leadership or management experience.
- Expertise with red teaming tools and frameworks such as Cobalt Strike, Metasploit, BloodHound, Empire, etc.
- Strong understanding of network protocols, cloud security, endpoint security, and application security vulnerabilities.
- Experience developing custom exploits, scripts, and automation tools using Python, PowerShell, or similar languages.
- Familiarity with social engineering tactics and physical security assessments.
- Proven ability to manage vendor relationships and coordinate multi-team security efforts.
- Relevant certifications such as OSCP, OSCE, CRTO, or equivalent are highly desirable.
Key Skills:
- Leadership and team management skills, with the ability to mentor and guide security professionals.
- Advanced penetration testing and vulnerability exploitation capabilities.
- Hands-on experience performing red teaming assessments and validating team deliverables.
- Strong cross-team collaboration and stakeholder management skills.
- Proficiency in scripting and automation.
- Excellent analytical, problem-solving, and critical-thinking abilities.
- Clear verbal and written communication skills suitable for technical and executive audiences.
- Ability to work independently and in a collaborative environment.
Preferred Certifications:
- Offensive Security Certified Professional (OSCP)
- Offensive Security Certified Expert (OSCE)
- Certified Red Team Operator (CRTO)
- GIAC Penetration Tester (GPEN)
- Certified Ethical Hacker (CEH)