REMOTE- Senior Penetration Tester / Offensive Security Specialist (Red Team) - Level 4

Job Title: Senior Penetration Tester / Offensive Security Specialist (Red Team) - Level 4

Duration :12 months- Contract

Remote role

 

Role Overview
Seeking an experienced Penetration Testing and Offensive Security Specialist to lead and execute advanced adversarial simulations across enterprise environments. The role focuses on identifying exploitable weaknesses across network, application, cloud, human, and physical layers, emulating real-world attacker techniques.
The ideal candidate will bring hands-on expertise in multi-vector penetration testing, red teaming, exploit development, and adversarial simulation, with the ability to provide actionable remediation insights to strengthen enterprise security posture.

Key Responsibilities
1. Penetration Testing & Red Team Operations

• Conduct end-to-end penetration testing engagements, including:
  • Internal network assessments
  • External perimeter testing
  • Web application and API security testing
  • Cloud and container security testing
  • Mobile (iOS) and thick client application assessments
  • Wireless infrastructure testing
• Execute advanced attack simulations to emulate real-world adversary tactics

2. Exploitation & Vulnerability Analysis

• Identify, validate, and exploit vulnerabilities using techniques such as:
  • SQL Injection
  • Cross-Site Scripting (XSS)
  • Privilege Escalation
  • Credential harvesting and manipulation
• Perform:
  • Vulnerability chaining and lateral movement simulations
  • Post-exploitation persistence and privilege escalation
• Provide risk-rated findings with clear remediation guidance

3. Social Engineering & Human Layer Testing

• Design and execute social engineering campaigns, including:
  • Phishing and spear-phishing
  • Smishing and pretexting
• Assess organizational resilience to human-centric attacks

 

4. Red Team Automation & Tool Development

• Develop and maintain:
  • Custom exploitation scripts and toolkits
  • Automation workflows for reconnaissance and exploitation
• Leverage:
  • Python scripting and Linux toolchains
  • AI/GenAI-assisted tooling for attack simulation and reconnaissance

5. Offensive Intelligence & Reconnaissance

• Perform OSINT-based reconnaissance, including:
  • Target profiling and attack surface discovery
  • Dark web and surface web intelligence gathering
• Utilize tools such as:
  • Nmap, Wireshark
  • Threat intelligence platforms (e.g., Recorded Future or equivalents)

6. Purple Teaming & Validation Support

• Collaborate with defensive teams to:
  • Validate detection and response capabilities
  • Simulate attack scenarios and measure control effectiveness
• Support:
  • Breach simulations
  • Ransomware scenario testing

Required Skills & Experience
Core Technical Skills

• Proven experience in:
  • Multi-vector penetration testing (Network, Web, Cloud, Mobile, Wireless, Physical)
  • Red teaming and adversary emulation
  • Exploit execution and vulnerability validation
• Strong understanding of:
  • MITRE ATT&CK framework
  • Modern attack techniques and threat actor TTPs

Tools & Technologies

• Hands-on expertise with:
  • Nmap, Wireshark, Burp Suite, Metasploit (or similar toolsets)
• Experience with:
  • Web application security tools
  • Network and protocol analysis tools

Automation & Scripting

• Strong development experience in:
  • Python
  • Linux environments
• Ability to build:
  • Custom scripts, payloads, and automation frameworks

Complementary Experience (Preferred)

• Exposure to:
  •  Investigations and compromise assessments
  • Threat Intelligence and IOC analysis
• Experience participating in:
  • Red Team vs Blue Team or Purple Team exercises

Certifications

• Offensive Security Certified Professional (OSCP)
• Certified Ethical Hacker (CEH)
• GIAC Security Essentials (GSEC)
• Other advanced Red Team or exploit development certifications are a plus