Red Team Specialist

Job Description

Key Responsibilities : Adversarial Simulations : Plan and execute red team engagements to simulate real-world adversary attacks, including network infiltration, social engineering, web application exploitation, and physical security testing. Vulnerability Assessment : Identify vulnerabilities in the organization's infrastructure, applications, and networks by conducting simulated attacks, including penetration testing and security assessments. Threat Emulation : Develop and simulate advanced persistent threats (APTs), insider threats, and other sophisticated adversary tactics, techniques, and procedures (TTPs) to evaluate defense mechanisms. Collaboration : Work closely with other cybersecurity teams, such as blue teams (defensive security) and incident response, to enhance the security posture of the organization through proactive threat identification and remediation. Security Improvement Recommendations : Provide detailed reports and recommendations after each red team engagement, ensuring that identified vulnerabilities are addressed and mitigated in a timely manner. Exploit Development : Design and develop proof-of-concept exploits to demonstrate the feasibility of identified vulnerabilities. Social Engineering : Perform social engineering assessments, including phishing campaigns, pretexting, and physical security assessments to evaluate an organizations susceptibility to human factors in security. Incident Reporting : Document findings and vulnerabilities in a clear, concise manner and present them to stakeholders, including executives, technical teams, and IT staff, in both written and verbal formats. Continuous Learning : Stay current with the latest cybersecurity threats, tools, techniques, and industry best practices to continuously improve the red team’s effectiveness. Tool Utilization and Development : Use commercial and open-source tools to conduct red team operations. Additionally, develop custom scripts or tools to facilitate specific attack scenarios. Qualifications : Education : Bachelor’s degree in Computer Science, Information Security, or related field, or equivalent work experience. Experience : 3+ years of experience in offensive security, penetration testing, or red teaming. Experience with conducting and leading red team exercises, vulnerability assessments, and penetration tests. Strong understanding of security concepts, network protocols, operating systems (Linux, Windows, macOS), and web application security. Certifications : Certified Red Team Expert (CRTE) Offensive Security Certified Professional (OSCP) Certified Ethical Hacker (CEH) - Preferable GIAC Penetration Tester (GPEN) - Preferable Certified Information Systems Security Professional (CISSP) - Preferable Technical Skills : Proficiency in programming/scripting languages such as Python, Bash, PowerShell, or others. Experience with red team tools (e.g., Cobalt Strike, Metasploit, Burp Suite, Nmap, etc.). Familiarity with attack simulation platforms, threat emulation frameworks (e.g., MITRE ATT&CK). Strong knowledge of attack methodologies and the tactics, techniques, and procedures (TTPs) of advanced persistent threats (APTs). Soft Skills : Strong analytical and problem-solving skills. Ability to communicate complex technical findings to both technical and non-technical stakeholders. Strong attention to detail and ability to work independently or as part of a team. Proactive, self-motivated, and eager to learn new security techniques and