Penetration Tester/ Red Team Ops

Job Description

Job Title: Penetration Tester/ Red Team Ops/ VAPT Location: Bangalore, India (Onsite) About ColorTokens At ColorTokens , we empower businesses to stay operational and resilient in an increasingly complex cybersecurity landscape. Breaches happen—but with our cutting-edge ColorTokens Xshield™ platform , companies can minimize the impact of breaches by preventing the lateral spread of ransomware and advanced malware. We enable organizations to continue operating while breaches are contained, ensuring critical assets remain protected. Our innovative platform provides unparalleled visibility into traffic patterns between workloads, OT/IoT/IoMT devices, and users, allowing businesses to enforce granular micro-perimeters, swiftly isolate key assets, and respond to breaches with agility. Recognized as a Leader in the Forrester Wave™: Microsegmentation Solutions (Q3 2024) , ColorTokens safeguards global enterprises and delivers significant savings by preventing costly disruptions. Join us in transforming cybersecurity. Learn more at www.colortokens.com. Our culture We foster an environment that values customer focus, innovation, collaboration, mutual respect, and informed decision-making. We believe in alignment and empowerment so you can own and drive initiatives autonomously. Self-starters and high-motivated individuals will enjoy the rewarding experience of solving complex challenges that protect some of world’s impactful organizations – be it a children’s hospital, or a city, or the defense department of an entire country. Job Description Skills Required: Red Team Operations Certified, Red Team Ops Certified, OSCP, Offensive Security Certified Professional, MITRE ATT&CK, OPSEC, Operational Security Key Responsibilities: Plan and execute red team exercises simulating real-world threat actor behaviors. Conduct comprehensive penetration tests on internal and external networks, applications (web, mobile, APIs), and cloud environments. Identify and exploit security flaws to assess the effectiveness of preventive and detective controls. Develop custom tools, scripts, and techniques to aid in assessments and evade detection. Collaborate with blue teams to improve detection and response capabilities. Prepare detailed reports outlining findings, proof-of-concepts, and recommended mitigations. Stay current on emerging threats, offensive tactics, tools, and vulnerabilities. Assist with purple teaming and adversary emulation exercises. Requirements: Bachelor's degree in Cybersecurity, Computer Science, or related field (or equivalent experience). 6+ years of hands-on experience in red teaming, offensive security, Infrastructure web application, API, Cloud Pen testing. Proficient in tools such as Cobalt Strike, Metasploit, Nessus, Burp Suite, Nmap, Active directory assessment, and custom scripting (Python, PowerShell, Bash). Strong understanding of MITRE ATT&CK framework, threat and adversary emulation. Knowledge of Windows and Linux internals, Active Directory, and cloud platforms (AWS/Azure/GCP). Familiarity with social engineering tactics and phishing and physically security (a plus). Having experience in creating documentations for services Certifications (Preferred):OSCP (mandatory)CRTP , OSCE, OSEP, CRTE, GPEN, GXPN, or equivalent.