Description
We are seeking a skilled and motivated Senior Security Engineer - Red Team to join our offensive security team. The ideal candidate will drive the development of advanced red teaming tools and methodologies, conduct comprehensive assessments across on-premises and cloud environments, and simulate sophisticated threat scenarios to identify and mitigate security vulnerabilities. This role requires a deep understanding of offensive security tactics, attack frameworks, and the ability to communicate findings effectively to both technical and executive stakeholders.
Key Responsibilities:
- Develop and refine internal red team scripts, tools, and methodologies to enhance offensive security operations.
- Research, validate, and exploit known attacks, vulnerabilities, and security weaknesses using custom-built or existing tools.
- Conduct thorough Red Team assessments targeting on-premises infrastructure, cloud environments, and enterprise threat landscapes.
- Identify vulnerabilities across software, systems, networks, and business logic through simulated adversarial tactics.
- Design and execute complex threat emulation scenarios incorporating physical, social engineering, and digital attack vectors.
- Produce detailed, accurate, and actionable reports and presentations tailored for both technical teams and executive leadership.
- Collaborate closely with other security teams to support remediation efforts and improve overall security posture.
- Stay current with emerging threats, attack techniques, and security technologies to continuously evolve red team capabilities.
- Conduct Purple Team exercises in collaboration with partner security teams to identify weaknesses in, and improve, the organization's security posture.
Requirements:
- Minimum 5 years of hands-on offensive security experience, preferably within Red Team or penetration testing roles.
- Strong familiarity with attack frameworks (e.g., MITRE ATT&CK) and corresponding mitigation strategies.
- Proficient with common Command and Control (C2) frameworks such as Sliver, Mythic, and Cobalt Strike.
- Relevant security certifications such as CRTO (Certified Red Team Operator), OSCP (Offensive Security Certified Professional), or equivalent.
- Demonstrated ability to develop custom offensive tools or scripts to support red team operations.
- Excellent communication skills with the ability to convey complex technical findings to diverse audiences.
- Experience with cloud security assessments (AWS, Azure, Google Cloud Platform) is a plus.
- Strong problem-solving skills and a proactive approach to security challenges.
Preferred Skills:
- Knowledge of physical security testing and social engineering tactics.
- Familiarity with scripting languages such as Python, PowerShell, or Bash.
- Experience working in agile or DevSecOps environments.