3 Kerberoasting Jobs

Job Title: Manager - Offensive Security (IC Role / Operational Lead) We're seeking a highly skilled offensive security specialist to lead and drive offensive security operations within our cybersecurity program. While this is an individual contributor (IC) position, the title Manager reflects the role's strategic and operational leadership - not people management. The ideal candidate will have 5-7 years of hands-on experience in red teaming, adversary simulation, or penetration testing, with a strong grasp of attack techniques and the ability to plan, coordinate, and execute advanced offensive assessments. You will be responsible for shaping offensive engagements, guiding technical direction, collaborating with internal teams, and ensuring that offensive operations align with real-world threats and business risk. If you're a technically strong operator who can lead from the front , connect offensive insights to organizational impact, and drive continuous improvement in testing capabilities, this role is for you. Key Responsibilities: Lead offensive security operations end-to-end - from scoping and planning to execution and reporting. Design, coordinate, and execute advanced attack simulations aligned to the MITRE ATT&CK framework. Develop and lead Red Team and adversary emulation campaigns across infrastructure, applications, and cloud environments. Identify and exploit security gaps using real-world TTPs including privilege escalation, lateral movement, and domain dominance. Collaborate closely with defensive teams during Purple Team exercises to enhance detection and response capabilities. Own and improve Red Team methodologies, tools, playbooks, and workflows. Deliver high-quality technical reports and executive-level summaries with clear articulation of attack paths, risks, and mitigations. Stay ahead of the curve on evolving attacker techniques and incorporate them into offensive strategy. Mentor junior red teamers and act as the primary technical escalation point for offensive assessments. Represent offensive operations in internal security reviews and technical steering meetings. Experience: 5-7 years of hands-on experience in Red Teaming, Penetration Testing, or Offensive Security roles. Proven experience in leading complex offensive assessments across enterprise environments. Experience in managing offensive operations, engagement lifecycle, and cross-team coordination. Technical Skills: Deep understanding of Windows and Linux internals, enterprise AD security, and cloud attack surfaces. Proficient in lateral movement techniques, domain escalation, Kerberoasting, delegation abuse, and token manipulation. Comfortable with C2 frameworks (e.g., Cobalt Strike, Sliver, Mythic) and OPSEC-aware post-exploitation. Hands-on experience with tools like BloodHound, Mimikatz, Rubeus, Responder, SharpHound, Burp Suite, etc. Strong familiarity with the MITRE ATT&CK framework and applying it operationally. Scripting experience in PowerShell, Python, or Bash for PoCs, tooling, or automation. Communication & Reporting: Strong technical documentation and reporting skills - ability to translate offensive findings into structured, actionable reports. Ability to confidently present findings, attack paths, and risk narratives to both technical and leadership stakeholders. Skilled in articulating the business impact of technical vulnerabilities and threat scenarios. Preferred Qualifications: Experience leading Purple Team engagements and cross-functional security exercises. Exposure to threat intelligence-led Red Teaming methodologies (e.g., TIBER-EU, CBEST). Familiarity with Application Security (AppSec) testing methodologies. Exposure to AI/ML Red Teaming or adversarial testing of AI models and pipelines. Understanding of EDR/AV evasion, payload delivery, and defense bypass strategies. Experience in building offensive tools or attack automation frameworks. Relevant certifications: OSCP, CRTO, CRTP, OSEP , or equivalent.

Senior Security Consultant (Network Penetration Tester) NetSPI is the proactive security solution used to discover, prioritize, and remediate security vulnerabilities of the highest importance, so businesses can protect what matters most. NetSPI secures the most trusted brands on Earth through Penetration Testing as a Service (PTaaS), External Attack Surface Management (EASM), Cyber Asset Attack Surface Management (CAASM), and Breach and Attack Simulation (BAS). Leveraging a unique combination of dedicated security experts, intelligent process, and advanced technology, NetSPI brings a proactive approach to cybersecurity with more clarity, speed, and scale than ever before. NetSPI is on an exciting growth journey as we disrupt and improve the proactive security market. We are looking for individuals with a collaborative, innovative, and customer-first mindset to join our team. Learn more about our award-winning workplace culture and get to know our A-Team at www.netspi.com/careers. Join the mission as a Senior Security Consultant. We are seeking a skilled expert and detail-oriented Penetration Tester to conduct thorough security assessments, identify vulnerabilities, and provide expert recommendations to strengthen our clients' security posture. You will be responsible for performing Network (InPen) Penetration Testing, in addition to competencies in problem solving, client service, written/verbal communication, and project execution. You will work to deliver clear, actionable reports and contribute to the development of security best practices. Responsibilities : Conduct engagements on Network (InPen) Penetration Testing independently and provide technical oversight Perform internal, external and wireless network penetration tests Create, review and deliver reports for accuracy in technical oversight, perform weekly QA oversight, and provide mentoring support to others Create, deliver, and collaborate on penetration testing reports in diverse client environments, maintaining client-specific processes, reporting standards, and access protocols to help improve their security posture Research and develop innovative techniques, tools, and methodologies for penetration testing services, alongside commitment to improvement and execution on NetSPI specific products and processes Act as a resource for internal team members as it relates to in-depth technical questions or best practices Participate in development, implementation, and oversight of testing, delivery, and management strategies for key client accounts Perform administrative tasks related to day-to-day consulting activities to ensure smooth business and engagement operations. Minimum Qualifications : Bachelors degree or higher, with a focus on IT, Computer Science, Engineering or Math or equivalent experience Minimum of 5+ years of experience in Network Penetration Testing with expertise on InPen testing. Experience with offensive toolkits used for network and web or mobile penetration testing Familiarity with offensive and defensive IT concepts and protocols Extensive understanding of the OWASP Top 10, MITRE ATT&CK framework, and various security frameworks. Working knowledge of Windows, Linux and MacOS operating systems internals and administration Experience mentoring or coaching to growing team members, while sharing knowledge externally through blogs, hosting webinars, or presenting at conferences Ability to work independently and as part of a team Proficient communication skills, both written and verbal Willingness to travel up to 5-10%, as required. This position requires an 8-hour workday, with occasional evenings or weekends necessary to meet project deadlines or critical needs Preferred Qualifications: Ability to provide technical and QA oversight on Network (InPen) service line Experience in one or more of the following programming or scripting languages (e.g., Ruby, Python, Perl, C, C++, Java, and C#) Offensive Security Certifications (e.g., GXPN, GPEN, OSCP, CISSP, GWAPT) We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status or any other characteristic protected by law.

Role & Responsibilities: Key highlights of the role are listed below (purely indicative and not limiting): This position would include the mentioned set of responsibilities but not limited to: Design and execute real-world adversary simulations, including full-scope red team engagements. Develop and implement custom attack methodologies for testing defenses against sophisticated cyber threats. Perform IT Infra VAPT, application testing, and cloud security assessments. Conduct Active Directory exploitation, lateral movement, and privilege escalation attacks. Utilize MITRE ATT&CK framework to model threats and enhance threat intelligence integration. Simulate social engineering attacks (phishing, vishing, physical security testing) to assess human risk factors. Research and develop custom exploits, scripts, and payloads to bypass security controls. Work with the blue team, SOC, and detection engineers to improve threat detection and response. Identify security gaps in monitoring, logging, and alerting systems and recommend improvements. Conduct post-engagement debriefs and develop detailed mitigation plans for security weaknesses. Manage and enhance VAPT toolsets, attack frameworks, and adversary emulation platforms. Assess the effectiveness of security policies, standards, and procedures to align with industry best practices. Provide input into security risk assessments and ensure alignment with compliance frameworks (NIST, ISO 27001, CIS). Perform continuous security testing and attack surface reviews to identify new threats. Provide technical consultation to development, IT, and security teams to improve secure coding practices. Deliver red team reports, threat assessments, and executive-level briefings. Job specific skills: Experience in offensive security, penetration testing, or red teaming. Deep understanding of network security, system vulnerabilities, and exploit development. Proficiency in red team tools such as Nessus, Nipper, Appscan, Cobalt Strike, Metasploit, Bloodhound, Empire, Mimikatz, Burp Suite etc. Hands-on expertise in Windows, Linux, and cloud security (AWS, Azure, GCP). Strong scripting skills in Python, PowerShell, Bash, or C/C++. Advanced Attack Techniques: Experience in Active Directory attacks, Kerberoasting, Golden/Silver Ticket attacks, and pass-the-hash techniques. Ability to find vulnerabilities after bypassing EDR, SIEM, firewalls, IDS/IPS, and endpoint security controls. Knowledge of privilege escalation, persistence mechanisms, and lateral movement techniques. Familiarity with zero-day vulnerability research and exploit development. Experience with phishing campaigns, credential harvesting, and OSINT reconnaissance. Understanding of physical penetration testing, badge cloning, and RFID attacks. Knowledge of security standards such as MITRE ATT&CK, NIST, ISO 27001, CIS, OWASP. Ability to assess and improve security policies, standards, and compliance controls. Strong analytical thinking, problem-solving skills, and attention to detail. Excellent communication skills, with the ability to convey technical findings to technical and non-technical audiences. Possess soft skills, Leadership, Mentorship & Knowledge Sharing Experience mentoring and training junior team members and cross-functional teams. Certifications (Preferred but not required) OSCP, OSEP, OSCE, CRTO, CISSP, GPEN, GXPN, Red Team Ops (RTO) or equivale