Red Team Specialist

We are seeking a skilled and experienced Red Team Specialist with a strong background in OSINT, phishing campaigns, application and infrastructure penetration testing, and low-level programming. The ideal candidate has a solid understanding of advanced offensive techniques, malware development, and threat emulation, and is capable of conducting sophisticated attacks to evaluate and improve our security defenses. This role is crucial for simulating real-world threat scenarios and proactively identifying security weaknesses across our organization.

Key Responsibilities:

• OSINT and Target Reconnaissance: Conduct extensive Open Source Intelligence (OSINT) gathering to map potential attack surfaces and identify key information that could be leveraged in red team operations.
• Phishing and Social Engineering: Develop and execute phishing campaigns and other social engineering tactics to simulate realistic attack scenarios. Measure effectiveness and provide insights into user awareness and susceptibility.
• Application and Infrastructure Testing: Perform in-depth assessments of web applications, APIs, and infrastructure, identifying vulnerabilities that could be exploited by adversaries. Focus on both internal and external assets.
• Malware Development and Low-Level Exploitation: Develop and deploy custom malware, exploits, or payloads tailored to the engagement requirements. Utilize low-level programming (e.g., C, C++, Assembly) to create effective evasion techniques and bypass security controls.
• Collaboration and Reporting: Work closely with blue teams and SOC analysts to provide actionable recommendations. Create detailed technical reports on findings, as well as high-level summaries for senior leadership.
• Tool Development and Automation: Build and customize tools and scripts for automation in reconnaissance, exploitation, and post-exploitation phases, enhancing red team effectiveness.
• Stay Up-to-Date with Threat Landscape: Regularly research and stay informed on the latest threats, exploits, and attack techniques, incorporating them into red team operations.
  
  

• Experience: 3-5 years of hands-on experience in red teaming or offensive security roles, with a focus on OSINT, social engineering, and phishing.
• Technical Proficiency:
• Strong understanding of network and application layer protocols and security principles.
• Proficiency in offensive security tools (e.g., Cobalt Strike, Empire, Metasploit, Burp Suite) and scripting languages (Python, PowerShell, Bash).
• Demonstrated experience with low-level programming (C, C++, Assembly) for exploit development and evasion techniques.
• Malware Development: Experience developing custom malware and payloads to simulate APT behavior and bypass security defenses.
• Social Engineering Skills: Expertise in creating and executing phishing campaigns, phone-based social engineering, and physical security assessments.
• Application and Infrastructure Knowledge: Deep understanding of web application security, including hands-on experience with vulnerabilities like SQLi, XSS, CSRF, SSRF, and others, as well as infrastructure vulnerabilities in Windows, Linux, and cloud environments.
• Strong OSINT Skills: Proven track record of gathering and leveraging OSINT to enhance attack precision and effectiveness.
  
  

• Reverse Engineering: Familiarity with reverse engineering tools (e.g., IDA Pro, Ghidra, OllyDbg) and methodologies for understanding binaries and malware.
• Certifications (preferred): OSCP, OSCE, CRTO, or other advanced offensive security certifications that demonstrate deep technical expertise.