Red Team Specialist
(Vulnerability Management Focus)
6-month hybrid project in New York City
Important note
This role is titled Red Team Specialist, but per direct conversation with the hiring manager, the day-to-day work is primarily vulnerability management, not offensive red team operations.
Ideal candidates will want to focus on vulnerability management, remediation orchestration, and security operations; this is not a role for pure offensive operators.
Role Summary
The Red Team Specialist will join the client's cybersecurity team with a primary focus on vulnerability management across the enterprise. The role is responsible for interpreting penetration test reports (largely produced by third-party vendors), driving remediation across system owners, validating fixes, and reporting on the organization's overall vulnerability posture. A working understanding of penetration testing is required so the candidate can credibly translate findings into actionable remediation work, and a limited amount of internal hands-on testing may also fall under this role.
Key Responsibilities
Vulnerability Management (Primary Focus)
Own the end-to-end vulnerability management lifecycle: discovery, triage, prioritization, assignment, remediation tracking, and validation.
Read, interpret, and operationalize penetration test reports delivered by third-party vendors, translating findings into clear, actionable remediation tasks for system owners, developers, and infrastructure teams.
Build and maintain vulnerability dashboards and reports, including CVE tracking, aging analysis, and trend reporting for technical and executive audiences.
Use Tanium for vulnerability identification, patch management, and reporting (preferred; training available for the right candidate).
Partner with patch management, infrastructure, and application teams to ensure timely remediation aligned with risk severity.
Provide guidance on vulnerabilities using a risk-based approach considering ease of exploitation, exposure, and business impact.
Validate remediation efforts and confirm vulnerabilities have been effectively closed.
Identify opportunities for improvement in tools such as SecurityScorecard and similar external risk-rating platforms.
Third-Party Penetration Test Coordination
Manage relationships with third-party penetration testing vendors, including scoping, scheduling, and execution oversight.
Apply the client's internal penetration testing framework across the application onboarding lifecycle.
Manage deliverables from external testers; review findings, ensure supporting evidence is sufficient, and defend or challenge findings as appropriate.
Track and report on third-party testing engagements, including risk, mitigation strategies, and references.
Limited Internal Penetration Testing
Note: Internal hands-on testing will be minimal. The candidate should be capable of supporting it but will not perform deep offensive operations day-to-day.
Conduct light-touch internal penetration tests and vulnerability assessments of servers, web applications, and databases as needed.
Provide spot-checking and validation of existing technical security controls.
Communicate technical findings and remediation steps with developers, system administrators, project managers, and senior stakeholders.
Purple Teaming & Incident Response Support
Support purple team exercises that bring collaboration between Security, Operations, and Business Units to validate technical controls and remediation effectiveness.
Participate in incident response activities, including tabletop exercises and major incident remediation.
Provide guidance to the security operations team on adversary techniques and procedures (TTPs) to improve awareness and response times.
Required Experience & Skills
2+ years of experience in cybersecurity, with a working knowledge of penetration testing concepts and the ability to read, interpret, and act on penetration test reports.
Hands-on experience managing a vulnerability management program: prioritization, remediation tracking, and reporting.
Familiarity with web application, infrastructure, and basic cloud (AWS and/or Azure) vulnerability concepts.
Working knowledge of Windows/Active Directory and Linux systems administration and common vulnerabilities.
Familiarity with OWASP Top Ten, NIST, and MITRE ATT&CK frameworks.
Working proficiency in at least one scripting language: Bash, PowerShell, or Python.
Strong written and verbal communication skills; able to clearly articulate technical findings and remediation requirements to mixed audiences (engineers through senior stakeholders).
Demonstrated ability to drive remediation across cross-functional teams.
Preferred (Strong Pluses, Not Required)
Tanium experience: Building reports, tracking CVEs, and supporting vulnerability and patching workflows. Client is a Tanium reseller and uses Tanium heavily, so this is a significant plus.
CrowdStrike experience: Hands-on familiarity with CrowdStrike Falcon (EDR) is a strong plus.
Exposure to penetration testing or red teaming engagements (web apps, APIs, network devices, databases, OS, cloud).
Experience with NIST 800-53 and the Risk Management Framework (RMF).
1+ years of SOC and/or incident response experience, with a focus on host data acquisition and threat hunting.
Familiarity with penetration testing toolsets (Burp Suite, Nessus/Qualys, Kali Linux, Metasploit, Cobalt Strike) at a level sufficient to interpret vendor outputs.
Bachelor's degree in Computer Science, Engineering, Information Systems, or related field.
Certifications (Any of the Following Are a Plus)
Practical/offensive: OSCP, eCPTX, eCPPX, PNPT, GPEN, eCXD, CEH, PenTest+
Defensive: BTL1, BTL2
Cloud security: AWS Certified Security Specialty or Azure equivalent
Candidate Profile to Avoid
To save sourcing cycles, please de-prioritize candidates who match any of the following; the hiring manager has confirmed they are not the right fit for this role:
Candidates whose recent roles are dominated by C2 infrastructure development (Cobalt Strike, Brute Ratel, Covenant), advanced AD exploitation, or EDR evasion as their core day-to-day.
Candidates whose resumes show no exposure to vulnerability management, remediation coordination, or reporting workflows.
Candidates seeking a role with significant hands-on offensive engagements; the volume of internal pen testing in this role is intentionally low.
Location & Work Arrangement
Primary target location: New York, NY, hybrid (Manhattan office, 2-3 days per week onsite).
Secondary location: Mesa, AZ (Phoenix area), hybrid. Open if a strong NYC candidate cannot be sourced.
HQ: Mesa, AZ