Red Teaming

Position Overview:

Adani Group is seeking an experienced Red Teaming Cybersecurity Expert to design and execute red teaming exercises aimed at testing and enhancing the security posture of Adani Group’s diverse entities. This includes critical infrastructure sectors such as Ports, Airports, Power, and Digital. The Red Teaming Expert will identify vulnerabilities, simulate advanced cyberattacks, and work closely with internal teams to improve detection and defense mechanisms.

Key Responsibilities:

1. Strategic Red Teaming and Penetration Testing

• Execute sophisticated red teaming engagements to simulate real-world attack scenarios.
• Develop and implement long-term offensive security strategies to proactively identify and address vulnerabilities across diverse environments.
• Conduct comprehensive penetration testing on internal networks, cloud environments, and applications.
• Execute social engineering attacks, phishing campaigns, and physical intrusions as part of full-spectrum red team operations.

2. Adversarial Threat Simulation & Attack Path Mapping

• Develop and refine threat emulation plans, leveraging TTPs (tactics, techniques, and procedures) used by nation-state actors and other adversaries.
• Model various attack paths from an adversary’s perspective to test the resilience of existing security measures.
• Simulate attacks against IT, OT (Operational Technology), and ICS (Industrial Control Systems) environments, ensuring critical infrastructure protection.

3. Collaborative Defense & Response Enhancement

• Collaborate with Blue Teams, incident response teams, and the Security Operations Center (SOC) to enhance detection, response times, and mitigation strategies.
• Provide detailed feedback on the effectiveness of security controls, detection mechanisms, and incident response processes.
• Develop and conduct collaborative red-blue team exercises (purple teaming) to continuously improve organizational defense mechanisms.

4. Vulnerability Research & Exploit Development

• Conduct research on emerging cybersecurity threats and stay current with evolving vulnerabilities, zero-day exploits, and new attack techniques.
• Develop or customize proof-of-concept exploits to demonstrate the impact of vulnerabilities in real-world scenarios.
• Perform threat intelligence analysis to determine the most relevant and high-risk attack vectors for Adani’s business environment.

5. Reporting & Risk Communication

• Produce comprehensive technical reports and executive-level summaries detailing vulnerabilities, successful attack simulations, and recommendations for improvement.
• Translate complex security vulnerabilities into business risk language for presentation to senior management and business stakeholders.
• Present red team findings in a clear and concise manner to leadership teams and board members, offering strategic insights for enhancing the overall cybersecurity posture.

6. Training, Mentoring, and Knowledge Sharing

• Provide mentorship and training to junior red team members and internal security teams, fostering a culture of proactive security and continuous improvement.
• Conduct workshops and tabletop exercises with business units to raise awareness about red teaming methodologies and the importance of cybersecurity.

7. Tool Development & Automation

• Develop, customize, or extend red teaming tools, scripts, and automation frameworks to simulate various attack vectors.
• Continuously assess and introduce new red teaming tools to improve the efficacy and realism of adversary simulations.

8. People Management

• Foster an environment of learning, excellence, and innovation within the team and across teams.
• Provide mentorship and guidance to junior team members.
• Conduct performance reviews and provide constructive feedback.
• Ensure continuous professional development of team members.

Qualifications & Skills:

Education:

• Bachelor’s or master’s degree in computer science, Cybersecurity, Information Security, or a related technical field.
• Relevant professional certifications in cybersecurity.

Experience:

• 4+ years of experience in cybersecurity, with a minimum of 2+ years in red teaming, offensive security, ethical hacking, or penetration testing.
• Proven track record of executing large-scale red teaming exercises in complex environments, including experience with critical infrastructure (Ports, Airports, Energy, etc.).
• Extensive experience in simulating advanced cyberattacks, particularly in industrial environments, OT, and ICS.

Certifications:

• CRTP, OSCP, OSCE, CREST certifications or equivalent in red teaming and penetration testing.
• Other cybersecurity certifications such as CISSP, CEH, GIAC, GCIH, GPEN are CRTP advantageous.

Technical Skills:

• Expert knowledge of offensive security tools (e.g., Metasploit, Cobalt Strike, Burp Suite, Empire, etc.) and threat simulation frameworks.
• Strong understanding of TTPs used by cybercriminals and APT groups (MITRE ATT&CK framework knowledge preferred).
• Deep expertise in network protocols, firewalls, intrusion detection systems, and secure configurations.
• Proficient in various operating systems (Windows, Linux, macOS) and cloud environments (AWS, Azure, GCP).
• Knowledge of Operational Technology (OT) and Industrial Control Systems (ICS) security challenges and attack methodologies.
• Experience with exploit development and custom tool creation for red teaming operations.

Soft Skills:

• Communication: Excellent written and verbal communication skills, with the ability to convey complex technical information to non-technical stakeholders.
• Problem-Solving: Strong problem-solving skills, strategic thinking, and analytical ability to assess risks and prioritize mitigation.
• Leadership: Effective leadership and mentoring abilities for team members.
• Collaboration: Ability to work collaboratively with cross-functional teams and foster a culture of proactive security.
• Adaptability: Ability to work in high-pressure environments and handle multiple concurrent assignments with minimal oversight.
• Ethical Mindset: Commitment to ethical hacking principles and maintaining the highest standards of integrity.
• Continuous Learning: Dedication to staying ahead of cybersecurity threats through ongoing research and professional development.

Key Competencies:

• Adverserial Mindset: Ability to think like an adversary and develop innovative ways to bypass security controls.
• Collaborative Spirit: Strong emphasis on working closely with blue teams and cross-functional teams.
• Continuous Learning: Commitment to staying ahead of cybersecurity threats by engaging in ongoing research and professional development.