8 Red Team Jobs

As a Security Professional specializing in Red Team, you will be responsible for conducting assessments and simulations to identify vulnerabilities in the organization's security measures. Your primary skill set should include expertise in Red Team operations, with a focus on outsmarting and challenging existing security protocols. Additionally, proficiency in Web Vulnerability Assessment and Penetration Testing (VAPT) along with Mobile VAPT will be valuable secondary skills for this role. You should have a solid background in assessing web and mobile applications for potential security risks and implementing measures to enhance their overall security posture. Ideally, you should possess 3 to 6 years of relevant experience in the field of cybersecurity, with a proven track record of successful Red Team engagements and VAPT assessments. Your expertise will be crucial in ensuring the robustness of the organization's security infrastructure and safeguarding against potential cyber threats. This position is based in Mumbai, with a requirement for working from office (WFO) five days a week. Your presence on-site will facilitate collaboration with the team and enable real-time response to security incidents, ensuring proactive security measures are in place. Key skills for this role include Red Team operations, VAPT methodologies, and specifically Mobile VAPT techniques. Your ability to think like an adversary and anticipate potential security breaches will be essential in protecting the organization's digital assets effectively.,

Key Responsibilities 1. To participate in functional as well as technical discussions with the client /team to understand functional /design specifications, highlight performance concerns, inconsistencies, ensure the appropriate test environments and infrastructures are in place/kept upto date. 2. To Identify opportunities for process improvement in testing methodologies /tools and Implement best practices to enhance the efficiency and effectiveness of the testing process. 3. To oversee the creation and execution of automated test scripts ensuring consistency and alignment with quality standards to minimize exposure. 4. To develop/guide and mentor QA engineers in the use of the testing framework , enhancing their technical capabilities and increasing productivity. Additional requirement: Penetration testing Web Application PT, Network Infrastructure PT, Active Directory PT, Red Team Activities "Web Application PT Must have Mobile PT Good to have Cloud Must (knowledge + understanding of Azure and AWS)Red Team Activities Must Active Directory PT MustNetworkInfrastructure PT Must have (protocols, Windows, Linux)Firewall testingauditing MustCitrix Pen testing Good to haveNetworking equipment Must (routers, switchers, load balancers, how to attack them + common weaknesses)Agile Process & Communication Good to have (it is essential that the candidate has good communicationinterpersonal skills)Certifications Completed or Optional OSCP, CPSA, CRT, CRTP, CEH (All good to have but not essential. I prefer practical knowledge than certifications)"

The Senior Analyst role within Bain's Cyber Security Department focuses on safeguarding the organization's digital assets and integrity. As a Senior Analyst, you will play a crucial role in understanding how security measures align with the organizational strategy. Your responsibilities will include organizing and leading the development and implementation of security controls that comply with regulatory requirements and best practices. You will be responsible for monitoring, analyzing, and responding to potential security incidents and threats. Assessing their urgency and impact on Bain, you will implement necessary measures to protect the organization's digital assets, data, and infrastructure. This may involve taking a leadership position in coordinating activities across the team, collaborating with technical teams and Security leadership. The Senior Analyst Security Operations role encompasses various disciplines, including Threat Intelligence, Vulnerability Management, Pro-Active Security Testing, and Enhanced Security Operations. Depending on the requirements, team members may dedicate a percentage or all of their time to these specific disciplines. Your principal accountabilities will include: - Vulnerability Management (80%) - Collaborating with cross-functional teams and providing leadership and guidance. - Conducting regular vulnerability scans on the organization's network, applications, and systems. - Implementing and operationalizing vulnerability management tools, processes, and best practices. - Prioritizing vulnerabilities based on risk and potential impact. - Leading meetings to remediate identified vulnerabilities and tracking progress. - Enhanced Security Operations (10%) - Expertise in Forensic Investigations and Tooling. - Leadership experience in Red Team, Blue Team, Purple team exercises. - Professional Development and Innovation (10%) - Staying informed about emerging trends and technologies in cybersecurity. - Collaborating with security team members, IT departments, and relevant business units to address security concerns. - Exploring Professional Certifications and planning trainings with leadership. Your knowledge, skills, and abilities should include: - Strong expertise in Security Monitoring & Incident Detection and Response. - Knowledge of various security tools like Splunk, CrowdStrike, Windows Defender, and others. - Understanding of Vulnerability & Attack Surface Management toolsets, Threat Intelligence tools, etc. - General skills such as good communication, analytical mindset, ability to work independently and in a team, eagerness to learn, and entrepreneurial spirit. Qualifications and Experience: - Bachelor's degree in a related field or equivalent education and experience. - 4-6 years of experience in the same domain. - Experience in deploying systems or applications, complex problem solving, and working in a dynamic environment. - Strong customer service, communication, troubleshooting, and endpoint security control design skills. - Experience with automation of Information Security controls, scripting, and cloud security control frameworks. In this role, you will play a vital part in enhancing the organization's overall security posture and addressing security concerns effectively. Your ability to adapt to new challenges, work collaboratively, and stay updated with cybersecurity trends will be crucial for success in this position.,

Securze is hiring Security Analysts (L2/L3) in Mumbai with 3+ yrs experience in pentesting, red/blue teaming, AD attacks, and network security. Hybrid role. Must be technically strong, confident, and eager to learn. Immediate joiners only.

Job Description: Sr. Security Engineer - VAPT & Compliance Position: Sr. Security Engineer - VAPT & Compliance Working Days: 5 days (Rotational Shifts)Experience : 6+ yearsLocation: Noida Sector-62 ( Work from office) Role Overview : We are seeking a skilled and driven Sr. Security Engineer with a strong background in penetration testing (web, mobile, and network) and an understanding of security compliance standards such as SOC 2, ISO 27001, and GDPR. The ideal candidate will have hands-on experience identifying and exploiting vulnerabilities, preparing technical and compliance reports, and guiding clients or internal teams on remediation and governance. Key Responsibilities : • Conduct penetration testing of web applications, mobile apps (iOS/Android), and internal/external networks. • Perform vulnerability assessments and risk evaluations across client environments. • Create detailed technical and executive reports with prioritized remediation strategies. • Assist in SOC 2 readiness assessments, ISO 27001 implementation, and GDPR compliance checks. • Collaborate with cross-functional teams for remedial activities to improve the security posture. • Stay updated with the latest exploits, tools, and compliance updates. Required Qualifications : • 6+ years of experience in cybersecurity with a focus on penetration testing and compliance. • Proficiency in tools like Burp Suite, Nmap, Metasploit, Nessus, MobSF, and manual testing techniques. • Strong knowledge of OWASP Top 10, secure coding practices, network protocols, and common attack vectors. • Understanding of SOC 2, ISO 27001, GDPR, and associated implementation or audit processes. Certifications (Preferred) • CEH (Certified Ethical Hacker) • ISO/IEC 27001 Lead Auditor / Lead Implementer • Other relevant certs: e.g., CompTIA Security+, eWPT, eCPPT, GPEN Nice-to-Have Skills : • Familiarity with DevSecOps pipelines, source code reviews, or CI/CD security integration. • Client-facing consulting experience or report presentation skills. • Cyber Security vibe is a must. If interested then share your updated CV on agarwal.saumya@thinksys.com

Who We Are : Sirion is the worlds leading AI-native CLM platform, pioneering the application of generative AI to help enterprises transform the way they store, create, and manage contracts. The platform’s extraction, conversational search, and AI-enhanced negotiation capabilities have revolutionized contracting across enterprise teams – from legal and procurement to sales and finance. The world’s most valuable brands trust Sirion to manage 7M+ contracts worth nearly $800B and relationships with 1M+ suppliers and customers in 100+ languages. Leading analysts such as Gartner, IDC, and Spend Matters have consistently recognized Sirion as a leader in CLM for its focus on category-leading innovation. What You’ll Do : Experienced in application security testing (source code review and application penetration tests) – web, mobile, API’s, Plugin’s. Experienced in performing Threat Modelling. Experience with Cloud and Container Security. Experience with Secure Development and Testing processes and detection. Experience in automating security testing and remediation through scripting using languages like Bash, Python and VBScript. Knowledge of secure coding concepts. Good knowledge of OWASP and current and emerging threats Good experience in Security testing tools like Burp Suite/Acunetix/Metasploit/Kali. Understands Security testing requirements and testing strategy. Knowledge on capturing and diagnosing logs for application errors. Good understanding of the entire project life cycle, QA methodologies and processes. Experience with web application firewall, encryption, networking, web services. Create detailed, comprehensive and well-structured Security test plans and Security test cases. Estimate, prioritize, plan, and coordinate testing activities. Strong, effective interpersonal and communications skills; able to interact professionally with customers and team members. What You’ll Need : Ability to multi-task effectively and work under pressure Relationship and trust-based information security program (not authority-based) Self-driven and initiator Task finisher Commitment to Diversity and Inclusion: We are an equal opportunity employer committed to diversity and inclusion. We do not discriminate based on race, color, gender, religion, national origin, ancestry, age, disability, medical condition, genetic information, military or veteran status, marital status, pregnancy, gender identity, sexual orientation, or any other protected characteristic. We provide reasonable accommodations for disabled employees and applicants as required by law. These principles apply to all aspects of employment, including recruitment, training, promotions, compensation, benefits, transfers, and social programs. Excited about this opportunity? We’d love to hear from you! To apply, simply visit our Careers Page Careers at Sirion page and follow the easy steps to submit your application.

Are you a skilled penetration tester looking for an exciting new opportunity to take your career to the next level? Join our dynamic cybersecurity team, where youll have the chance to work on cutting-edge projects, including cloud security, reverse engineering, threat modelling, and product security . Who we are? Payatu is an ISO certified company where we strive to create a culture of excellence, growth and innovation that empowers our employees to reach new heights in their careers. We are young and passionate folks driven by the power of the latest and innovative technologies in IoT, AI/ML, Blockchain, and many other advanced technologies. We are on the mission of making Cyberworld safe for every organization, product, and individual. What we look for outside work parameters? Your expertise is your primary qualification, not your degree or certification. Strong leadership qualities, plan, monitor and manage activities for self and team. Passion to deliver the promised service. Motivated, self-starter individual with high level of integrity, intensity, and activity with a can-do attitude. Ability to understand Organization objectives and execute them accordingly. Disciplined process-oriented work style and ability to work independently You are a perfect technical fit if: Advanced knowledge of common penetration testing tools (Burp Suite, Metasploit, Wireshark, etc.).Proficient in reverse engineering tools (IDA Pro, Ghidra, Binary Ninja, etc.).Deep understanding of cloud-native security issues and technologies (containers, Kubernetes, serverless, etc.).Strong knowledge of application security principles, including OWASP Top 10, secure coding practices, and common vulnerabilities.Understanding of product security practices and secure software development life cycles. You Have All Our Desired Qualities, if: Minimum 5+ years of hands-on experience in penetration testing, security research, or related fields. Proven track record in performing complex security assessments on cloud environments (AWS, Azure, GCP), thick client applications, and enterprise systems. Experience with reverse engineering (static and dynamic analysis) of software and binaries. Expertise in threat modelling, risk assessment, and security design for software products. Extensive experience in vulnerability analysis and exploitation techniques across diverse platforms. Deep understanding of: Web application and API vulnerabilities (e.g., SQLi, XSS, IDOR) Mobile app security (reverse engineering, instrumentation) Network and infrastructure testing Cloud security misconfigurations and privilege escalation AI/LLM attack vectors (prompt injection, model extraction, data poisoning, etc.) Your everyday work will look like: Lead penetration tests on cloud infrastructures (AWS, Azure, GCP), thick client apps, and enterprise systems. Conduct security research and vulnerability assessments on cloud platforms. Collaborate with product teams and clients to create threat models, identifying risks, vulnerabilities, and attack vectors with clear, actionable insights. Reverse-engineer binaries, software, and applications to uncover vulnerabilities, develop exploits, and improve product security. Assess and advise on security throughout the product lifecycle, from design to deployment, ensuring robust security measures. Develop custom security tools and scripts to improve testing efficiency and address new vulnerabilities. Stay updated on emerging threats, attack techniques, and security trends, sharing insights with the team to maintain cutting-edge expertise. Certifications : Offensive Security Certified Professional (OSCP) or similar certifications such as CEH, CRTP, OSCE, or CISSP.Additional certifications or training in cloud security, reverse engineering, or product security are a plus. Soft Skills: Excellent communication skills to present findings and security concepts clearly to both technical and non-technical stakeholders.Strong problem-solving skills with the ability to think creatively and develop solutions to complex security challenges.Leadership capabilities to mentor and guide junior security consultants and researchers.Ability to work independently and manage multiple projects effectively under tight deadlines. Preferred Qualifications: Experience in developing custom security tools or exploits.Experience with threat hunting or advanced adversarial techniques.Familiarity with advanced attack frameworks like MITRE ATT&CK.

Department: Information Technology Location: Ahmedabad, Gujarat Experience: 10+ Years Education: Bachelors/Masters degree in Computer Science, Cybersecurity, or a related field Certifications Preferred: OSCP, OSCE, OSEP, CRTP, CRTE, GPEN, GXPN, or equivalent Job Summary: We are seeking a highly experienced and skilled Red Team Specialist to join our cybersecurity team. The ideal candidate will lead advanced adversary simulations and penetration testing efforts to evaluate and strengthen the organization’s security posture. This role involves simulating real-world attack scenarios, identifying vulnerabilities, collaborating with Blue Teams, and recommending remediation strategies to enhance threat detection and response capabilities. Key Responsibilities: Adversary Simulation & Attack Execution Conduct full-scale Red Team assessments, emulating advanced persistent threat (APT) tactics, techniques, and procedures (TTPs). Simulate real-world attacks using frameworks and tools like MITRE ATT&CK, Cobalt Strike, Empire, Metasploit, and BloodHound. Exploit vulnerabilities across network infrastructure, cloud platforms, and web applications. Perform lateral movement, privilege escalation, and data exfiltration while evading detection mechanisms. Penetration Testing & Exploitation Perform internal and external penetration testing across enterprise systems. Identify and exploit misconfigurations and security gaps. Assess Active Directory security, including Kerberoasting, NTLM relay, and credential dumping. Develop custom payloads, exploits, and offensive methodologies. Evasion & Anti-Detection Techniques Employ techniques to bypass endpoint detection systems (EDR/XDR), SIEM tools, and behavioral analytics. Test the resilience of Blue Team monitoring capabilities. Implement obfuscation strategies and evasion tactics. Red Team & Blue Team Collaboration Participate in Purple Team exercises to enhance incident detection and response. Collaborate with SOC and threat intelligence teams to refine adversary emulation and response strategies. Contribute to improving incident response playbooks. Reporting & Documentation Document attack chains, vulnerabilities, and testing outcomes in detailed reports. Present technical findings and remediation recommendations to stakeholders. Create post-engagement reports, including MITRE ATT&CK mapping and kill chain analysis. Key Skills & Competencies: Proficient with offensive security tools: Cobalt Strike, Metasploit, Mimikatz, Empire, Covenant Deep understanding of frameworks: MITRE ATT&CK, Cyber Kill Chain, TIBER-EU Advanced expertise in Active Directory attacks , Kerberos exploitation , and lateral movement Strong scripting and automation skills: Python, PowerShell, Bash, C# Hands-on experience with cloud environments (Azure, AWS, GCP) and cloud exploitation Skilled in EDR/XDR evasion and SIEM bypass techniques Proven experience with Red Team / Blue Team collaboration and adversary emulation Analytical mindset with excellent problem-solving and documentation skills