SENIOR ENGINEER - ENGINEER

Responsibilities

• Plan, scope, and lead internal Red Teaming operations, ensuring the involvement of all key project stakeholders.
• Execute red team engagements focusing on testing and bypassing defensive mechanisms across corporate networks, web applications, and infrastructure (Windows/Linux).
• Develop detailed adversary emulation and simulation plans to continuously assess and challenge security defences.
• Conduct in-depth security assessments of corporate critical infrastructure, Active Directory environments, and cloud (Azure/AWS/O365) deployments.
• Build custom tools, scripts, and methodologies to enhance internal red team capabilities.
• Develop detailed reports highlighting engagement outcomes, observations, and remediation steps in appropriate language and style for different stakeholders.
• Collaborate closely with the Blue Team to discuss findings, remediation strategies, and opportunities for enhancing detection and response mechanisms.
• Perform offensive security assessments of firewalls, security groups, and security configurations within cloud environments.
• Conduct penetration tests across web, mobile, and cloud applications, including exploit development for proof-of-concept demonstrations.
• Utilize adversarial techniques like OSINT, phishing, lateral movement, and post-exploitation to assess the effectiveness of organizational defences.
• Mentor junior staff members and provide leadership during engagements from scoping through remediation.
• Research and develop new offensive security techniques and internal tooling.

• Actively contribute to the security community through talks, CTFs, and related engagements.

  Qualifications (Knowledge, Skills, and Abilities)

• Bachelor's degree in computer science or related field (or equivalent work experience).
• Extensive hands-on experience in red teaming, adversary emulation, or penetration testing.
• Expertise in scripting languages (Python, Go, Ruby, PowerShell) for automation of attacks and tool development.
• Strong understanding of cloud security vulnerabilities, including AWS, Azure, and GCP, and best practices for securing cloud environments.
• Deep knowledge of network protocols, operating systems (Windows, Linux), web/mobile applications, and encryption mechanisms.
• Familiarity with offensive security tools like Cobalt Strike, Metasploit, Burp Suite, Empire, Nmap, and various C2 frameworks.
• Experience working with commercial or open-source adversary emulation platforms.
• Understanding of security frameworks such as MITRE ATT&CK, OWASP Top 10, and NIST.
• Strong analytical, problem-solving, and communication skills with the ability to present technical concepts and remediation steps clearly.

• Participation in security community events, CTF competitions, or publications.

  Preferred Certifications

• CRTO, OSCP, CREST, GXPN, GPEN, or relevant cloud security certifications.