Sr Red Team Operator/Penetration Tester

Hello,

SpiceOrb is looking for Penetration Tester/Red Team Operator in San Jose, CA

Role: Senior Red Team Operator / Penetration Tester
Location: San Jose, CA (Onsite)Need Locals

Duration: 12+ Months Contract

Position Summary
We are seeking a highly skilled Senior Red Team Operator / Penetration Tester to identify, simulate, and validate real-world cyber threats against our organization. The successful candidate will conduct offensive security assessments, emulate advanced adversary tactics, and provide actionable recommendations to improve the organization's security posture.
This role requires expertise in penetration testing, red teaming, adversary emulation, attack simulation, and security research across on-premises, cloud, application, and enterprise environments.
Key Responsibilities Red Team Operations

• Plan, execute, and lead red team engagements that simulate real-world threat actors.
• Perform adversary emulation exercises based on known threat actor techniques.
• Develop attack scenarios to test detection, response, and recovery capabilities.
• Conduct stealth operations while avoiding detection by security controls where appropriate.
• Execute phishing simulations, social engineering assessments, and user-awareness testing when authorized.

Penetration Testing

• Perform internal and external network penetration tests.
• Conduct web application, API, mobile application, cloud, wireless, and infrastructure security assessments.
• Identify vulnerabilities, security weaknesses, and attack paths.
• Validate the effectiveness of security controls through exploitation activities.
• Conduct privilege escalation and lateral movement testing.
• Verify remediation efforts through retesting.

Offensive Security Engineering

• Develop custom tools, scripts, and automation for offensive security operations.
• Create and maintain attack infrastructure and testing environments.
• Research emerging attack techniques, vulnerabilities, and exploitation methods.
• Build and maintain testing methodologies aligned with industry standards.
• Develop proof-of-concept exploits where appropriate.

Security Validation & Purple Teaming

• Collaborate with security operations teams to improve detection and response capabilities.
• Test and validate endpoint, network, and cloud security controls.
• Map findings and attack techniques to the MITRE Telecommunication&CK framework.
• Support purple team exercises to enhance defensive capabilities.
• Assist in improving security monitoring and threat detection use cases.

Reporting & Communication

• Produce detailed technical assessment reports.
• Present findings, attack paths, and business risks to technical and non-technical stakeholders.
• Provide prioritized remediation recommendations.
• Document methodologies, tools used, and lessons learned from engagements.

Required Qualifications

• 5+ years of hands-on penetration testing or red team experience.
• Strong understanding of:
• Network protocols and architectures
• Active Directory security
• Windows, Linux, and macOS security
• Cloud platforms (AWS, Azure, Google Cloud Platform)
• Web application security
• Authentication and identity systems
• Endpoint detection and response technologies
• Experience conducting:
• Internal network assessments
• External penetration testing
• Web application testing
• Cloud security assessments
• Red team engagements
• Proficiency with scripting and automation:
• Python
• PowerShell
• Bash

Technical Skills Offensive Security Tools
Experience with tools such as:

• Burp Suite Professional
• Metasploit Framework
• Cobalt Strike
• BloodHound
• Nmap
• Mimikatz
• Impacket

Cloud & Identity Security

• AWS security testing
• Azure security testing
• Identity and access management assessments
• Container and Kubernetes security testing

Desired Attributes

• Strong analytical and problem-solving skills.
• Ability to think like an attacker while maintaining ethical standards.
• Excellent communication and report-writing abilities.
• Experience working independently and leading offensive security engagements.
• Ability to explain technical findings to executive and business stakeholders.

Success Metrics

• Quality and impact of identified security findings.
• Successful completion of red team and penetration testing engagements.
• Reduction of organizational attack surface.
• Improvement in detection and response capabilities.
• Timely and actionable reporting of vulnerabilities and risks.
• Contribution to security strategy and continuous improvement initiatives.