Red Teaming Consultant

4 - 7 years

12 - 17 Lacs

Posted: 1 week ago | Platform: Naukri

Work Mode

Work from Office

Job Type

Full Time

Job Description

Key Skills:

Roles & Responsibilities:

  • Conduct comprehensive web & API testing, including reconnaissance, authenticated/unauthenticated testing, and identifying injection flaws (SQLi/NoSQLi), RCE, SSRF, XSS, IDOR, and more.
  • Perform network & infrastructure testing, including perimeter and internal assessments, host/service enumeration, CVE-based exploitation, and attack path mapping.
  • Execute Active Directory compromise exercises, focusing on Kerberos abuse, privilege escalation, and Group Policy weaknesses.
  • Simulate stealthy adversary tradecraft using MITRE ATT&CK techniques, including OpSec and EDR/AV evasion.
  • Design, develop, and customize offensive tooling and exploits while maintaining red team infrastructure.
  • Conduct cloud adversarial simulations, focusing on identity abuse and privilege escalation across AWS, Azure, and GCP services.
  • Plan and run social engineering campaigns, measuring human susceptibility and crafting realistic pretexts using OSINT.
  • Prepare detailed findings, risk assessments, and prioritized remediation recommendations for technical and non-technical stakeholders.
  • Maintain engagement scope and rules of engagement, and ensure compliance with legal and ethical guidelines.
  • Mentor junior red team members and help build playbooks and repeatable testing methodologies.

Experience Requirement:

  • 4 - 7 years of experience in red teaming, penetration testing, or offensive security.
  • Strong hands-on experience with web application and API security testing (OWASP Top 10, API-specific risks).
  • Proven experience with Active Directory attacks, privilege escalation, and lateral movement techniques.
  • Demonstrated experience in cloud security testing (IAM abuse, misconfigurations, lateral movement across cloud services).
  • Practical knowledge of exploit development, custom tooling, and automation of offensive tasks.
  • Experience with adversary simulation frameworks and MITRE ATT&CK mapping.
  • Familiarity with evasion techniques against EDR/AV and operational security best practices.
  • Experience producing high-quality pentest reports, executive summaries, and remediation roadmaps.
  • Comfortable operating in both external and internal engagement contexts, including coordinated tests with blue teams.
  • Prior exposure to physical or social engineering engagements is a plus.
  • Certifications such as OSCP, OSCE, CRTP, CRTE, GPEN, or equivalent are desirable.
  • Strong communication skills and the ability to present complex technical findings to business stakeholders.

Education:

Careernet

Recruitment & Staffing

Tech City
