Penetration Tester/ Red Team Ops

Job Title:

Location:

About ColorTokens

ColorTokens

Leader in the Forrester Wave™: Microsegmentation Solutions (Q3 2024)

Join us in transforming cybersecurity. Learn more at www.colortokens.com.

Our culture

We foster an environment that values customer focus, innovation, collaboration, mutual respect, and informed decision-making. We believe in alignment and empowerment so you can own and drive initiatives autonomously.

Self-starters and high-motivated individuals will enjoy the rewarding experience of solving complex challenges that protect some of world’s impactful organizations – be it a children’s hospital, or a city, or the defense department of an entire country.

Skills Required:

Key Responsibilities:

• Plan and execute red team exercises simulating real-world threat actor behaviors.
• Conduct comprehensive penetration tests on internal and external networks, applications (web, mobile, APIs), and cloud environments.
• Identify and exploit security flaws to assess the effectiveness of preventive and detective controls.
• Develop custom tools, scripts, and techniques to aid in assessments and evade detection.
• Collaborate with blue teams to improve detection and response capabilities.
• Prepare detailed reports outlining findings, proof-of-concepts, and recommended mitigations.
• Stay current on emerging threats, offensive tactics, tools, and vulnerabilities.
• Assist with purple teaming and adversary emulation exercises.

Requirements:

• Bachelor's degree in Cybersecurity, Computer Science, or related field (or equivalent experience).
• 6+ years of hands-on experience in red teaming, offensive security, Infrastructure web application, API, Cloud Pen testing.
• Proficient in tools such as Cobalt Strike, Metasploit, Nessus, Burp Suite, Nmap, Active directory assessment, and custom scripting (Python, PowerShell, Bash).
• Strong understanding of MITRE ATT&CK framework, threat and adversary emulation.
• Knowledge of Windows and Linux internals, Active Directory, and cloud platforms (AWS/Azure/GCP).
• Familiarity with social engineering tactics and phishing and physically security (a plus).
• Having experience in creating documentations for services
• Certifications (Preferred):OSCP (mandatory)CRTP , OSCE, OSEP, CRTE, GPEN, GXPN, or equivalent.