Posted: 1 month ago
Work from Office
Full Time
Role & Responsibilities:

Key highlights of the role are listed below (purely indicative and not limiting). This position would include the mentioned set of responsibilities but not limited to:

- Design and execute real-world adversary simulations, including full-scope red team engagements.
- Develop and implement custom attack methodologies for testing defenses against sophisticated cyber threats.
- Perform IT Infra VAPT, application testing, and cloud security assessments.
- Conduct Active Directory exploitation, lateral movement, and privilege escalation attacks.
- Utilize MITRE ATT&CK framework to model threats and enhance threat intelligence integration.
- Simulate social engineering attacks (phishing, vishing, physical security testing) to assess human risk factors.
- Research and develop custom exploits, scripts, and payloads to bypass security controls.
- Work with the blue team, SOC, and detection engineers to improve threat detection and response.
- Identify security gaps in monitoring, logging, and alerting systems and recommend improvements.
- Conduct post-engagement debriefs and develop detailed mitigation plans for security weaknesses.
- Manage and enhance VAPT toolsets, attack frameworks, and adversary emulation platforms.
- Assess the effectiveness of security policies, standards, and procedures to align with industry best practices.
- Provide input into security risk assessments and ensure alignment with compliance frameworks (NIST, ISO 27001, CIS).
- Perform continuous security testing and attack surface reviews to identify new threats.
- Provide technical consultation to development, IT, and security teams to improve secure coding practices.
- Deliver red team reports, threat assessments, and executive-level briefings.

Job specific skills:

- Experience in offensive security, penetration testing, or red teaming.
- Deep understanding of network security, system vulnerabilities, and exploit development.
- Proficiency in red team tools such as Nessus, Nipper, Appscan, Cobalt Strike, Metasploit, Bloodhound, Empire, Mimikatz, Burp Suite etc.
- Hands-on expertise in Windows, Linux, and cloud security (AWS, Azure, GCP).
- Strong scripting skills in Python, PowerShell, Bash, or C/C++.

Advanced Attack Techniques:

- Experience in Active Directory attacks, Kerberoasting, Golden/Silver Ticket attacks, and pass-the-hash techniques.
- Ability to find vulnerabilities after bypassing EDR, SIEM, firewalls, IDS/IPS, and endpoint security controls.
- Knowledge of privilege escalation, persistence mechanisms, and lateral movement techniques.
- Familiarity with zero-day vulnerability research and exploit development.
- Experience with phishing campaigns, credential harvesting, and OSINT reconnaissance.
- Understanding of physical penetration testing, badge cloning, and RFID attacks.
- Knowledge of security standards such as MITRE ATT&CK, NIST, ISO 27001, CIS, OWASP.
- Ability to assess and improve security policies, standards, and compliance controls.
- Strong analytical thinking, problem-solving skills, and attention to detail.
- Excellent communication skills, with the ability to convey technical findings to technical and non-technical audiences.
- Possess soft skills.

Leadership, Mentorship & Knowledge Sharing:

- Experience mentoring and training junior team members and cross-functional teams.

Certifications (Preferred but not required): OSCP, OSEP, OSCE, CRTO, CISSP, GPEN, GXPN, Red Team Ops (RTO) or equivale
BOBCARD
Mumbai, Goregaon
12.0 - 18.0 Lacs P.A.