Location: Andheri
Employment Type: Full-Time
Experience: 3–8+ Years (Skill-based flexibility)
Job Summary
We are seeking a highly skilled Red Team Specialist to design and execute real-world attack simulations across external, internal, social engineering, and physical security domains. This role focuses on emulating advanced threat actors to identify gaps in people, processes, and technology controls, enabling the organization to strengthen its detection, response, and overall security posture.
Key Roles & Responsibilities
External & Internal Security Testing
- Conduct external and internal network penetration testing simulating real-world attacker methodologies.
- Identify and exploit weaknesses in Active Directory, VPNs, firewalls, cloud environments, and endpoint defenses.
- Perform privilege escalation, lateral movement, and persistence techniques within enterprise environments.
Social Engineering Assessments
- Design and execute phishing, vishing, smishing, and pretexting campaigns.
- Perform OSINT-driven reconnaissance to craft realistic attack scenarios.
- Measure and report on human risk exposure and awareness gaps.
Physical Security Testing
- Conduct physical intrusion assessments including tailgating, badge testing, and facility access evaluations.
- Test effectiveness of CCTV, access control systems, visitor management, and security personnel response.
- Coordinate with stakeholders to ensure safety, legality, and compliance during engagements.
Red Team Operations & Research
- Develop and maintain custom attack tools, payloads, and infrastructure.
- Simulate APT-style campaigns aligned with the MITRE ATT&CK framework.
- Conduct threat emulation exercises and collaborate with Purple Teams.
Reporting & Stakeholder Engagement
- Deliver executive-level and technical reports with clear risk impact, attack paths, and remediation strategies.
- Conduct debrief sessions and tabletop exercises with SOC, IT, and leadership teams.
- Support Blue Team tuning and detection improvement initiatives.
Required Skills & Qualifications
- Strong hands-on experience in Red Teaming, Internal & External Penetration Testing.
- Deep understanding of Windows & Linux internals, Active Directory, and enterprise network architecture.
- Experience with C2 frameworks (Cobalt Strike, Sliver, Metasploit, Mythic).
- Proficiency in Python, PowerShell, and Bash for scripting and automation.
- Knowledge of social engineering methodologies and OSINT tools.
- Understanding of physical security controls and access management systems.
- Familiarity with SIEM, EDR, and SOC detection workflows.
- Strong knowledge of MITRE ATT&CK and threat actor TTP mapping.
- Experience with cloud environments (AWS, Azure, GCP) is a plus.
Desired Certifications (Preferred)
- CRTO / CRTE / OSEP
- OSCP / OSCE / OSED
Behavioural & Professional Attributes
- Ethical mindset with a strong focus on legal, compliance, and safety standards.
- Strong research-driven and adversary emulation mindset.
- Excellent communication and stakeholder management skills.
- Ability to operate independently and lead complex, multi-domain engagements.
- Capability to mentor and develop junior team members.
Why Join Us?
- Work on cutting-edge Red Team engagements across multiple domains.
- Opportunity to emulate advanced threat actors and strengthen enterprise defenses.
- Collaborative environment with continuous learning and growth opportunities.