Cyber Security Expert

CYE is looking for a Cyber Security Expert with hands-on experience in offensive security, possessing strong technical capabilities, in-depth knowledge of adversary simulation, and a passion for Red Team operations.

CYE is a cybersecurity firm specializing in advanced adversary simulation and offensive security testing. We deliver Red Team assessments for Fortune 500 companies, simulating sophisticated, real-world attacks across external, internal, cloud and Active Directory environments. Our services span both stealth-based Red Team operations and risk-focused assessments, covering a wide range of attack surfaces including on-premise and cloud environments.

Responsibilities:

• Participate in Red Team assessments that simulate real-world threats and remain undetected by the client's defensive team. These stealth operations simulate advanced adversaries and require careful planning, execution, and OPSEC
• Lead or co-lead portions of internal and external offensive assessments, including perimeter exploitation and post-exploitation in Active Directory
• Perform Purple Team engagements to help clients improve their monitoring and detection capabilities while sharpening your own offensive skills
• Document attack paths, risk analysis, technical findings and remediation guidance in detailed reports tailored to both technical and executive audiences.
• Collaborate with the team to develop and maintain internal tooling, scripts, and documentation for offensive operations
• Continuously research and test new techniques, tools, and attack paths to further enhance CYE's Red Team capabilities

Requirements:

• 2+ years of hands-on experience in offensive security, red teaming, or penetration testing
• Hands-on experience with C2 frameworks (e.g., Cobalt Strike, Mythic, Sliver)
• Strong understanding of Active Directory, domain escalation paths, Kerberos, trust relationships, GPO abuse, credential access, etc.
• Proficiency in various offensive techniques such as Relay Attacks, Coercion, Kerberos Attacks, Privilege Escalation, etc.
• Familiarity with network protocols (e.g., SMB, DNS, LDAP, HTTP) and system internals (Windows and Linux)
• Strong understanding of OPSEC considerations during covert operations
• Ability to present and produce clear and actionable technical reports and documentation in English
• Experience working in client-facing roles or as part of structured engagements
• Proficient in one or more scripting/programming languages: Python, PowerShell, C#, or C++

Advantages:

• Knowledge of MITRE ATT&CK, threat emulation frameworks, and adversary tactics
• Previous contributions to open source offensive security tools or research
• High Advantage: Experience in at least one of the cloud attack surfaces (Azure, AWS, GCP)
• Experience and familiarity with security best practices in Kubernetes-based (K8s) infrastructure
• Familiarity with EDR/XDR and other security products (e.g., CrowdStrike, Microsoft Defender, etc.) and common evasion techniques
• Relevant certifications such as OSCP, OSCE, CRTO, GXPN, or equivalent
• High level of spoken and written English, including the ability to clearly explain technical topics to both technical and non-technical audiences

About us:

CYE’s exposure management platform, Hyver, transforms the way security teams protect their organizations. With CRQ at its core, Hyver reveals exposure in financial terms, visualizes attack routes to critical business assets, and creates tailored mitigation plans. Founded in 2012, CYE has served hundreds of organizations globally.