Red Team Engineer - Endpoint Evasion & C2 Operations
Company: Redfox Cybersecurity
Location: Mumbai, Maharashtra, India (On-site)
Experience Required: 1-2 Years
Employment Type: Full-time
About Redfox Cybersecurity:
Redfox Cybersecurity is a leading global cybersecurity firm specializing in offensive security operations, threat intelligence, and advanced penetration testing services. With strategic offices in Mumbai (India), Toronto (Canada), Delaware (USA), and London (UK), we serve Fortune 500 companies, government agencies, and enterprises across North America, Europe, Asia-Pacific, and beyond. Our team of elite security professionals is dedicated to protecting organizations against evolving cyber threats through proactive security assessments and cutting-edge offensive security methodologies.
Our global presence enables us to deliver 24/7 security services and maintain deep expertise across diverse regulatory environments, industry sectors, and threat landscapes. As we continue to expand our operations in the Asia-Pacific region, we are seeking talented individuals to join our Mumbai office and contribute to our mission of making the digital world safer.
About the Role:
We are seeking a highly motivated Red Team Engineer with deep expertise in EDR evasion, C2 operations, and adversary simulation to join our offensive security team at our Mumbai office. This is not a role for someone who stops at surface-level script tampering - we are looking for a thorough, end-to-end Red Teamer who understands the full offensive lifecycle, from initial access and payload development through to post-exploitation, persistence, and stealthy objective completion - all while operating under the radar of modern endpoint defenses.
You will work alongside seasoned security professionals from our global offices, gain exposure to complex enterprise environments, and have the opportunity to contribute to real-world red team operations that make a tangible difference in our clients' security posture. This position provides exposure to international projects and the possibility of collaboration with our teams in Toronto, Delaware, and London.
Key Responsibilities:
- Plan and execute full-scope red team engagements simulating advanced persistent threats (APTs) and sophisticated, multi-stage attack scenarios
- Develop and deploy custom malware, loaders, stagers, and implants designed to evade modern EDR and AV solutions
- Conduct in-depth EDR evasion research and implement techniques including userland unhooking, direct/indirect syscalls, process injection variants, and memory evasion
- Design, deploy, and manage resilient C2 infrastructure with proper redirectors, domain fronting, and OPSEC controls
- Perform assumed breach and objective-based operations to test detection, response, and resilience capabilities
- Identify and exploit vulnerabilities within Active Directory environments, including privilege escalation, lateral movement, credential theft, and persistence techniques
- Execute red team operations across on-premises, cloud, and hybrid environments
- Conduct initial access operations including phishing campaigns, macro development, credential harvesting, and perimeter exploitation
- Emulate real-world threat actor TTPs aligned with the MITRE ATT&CK framework
- Develop detailed technical reports documenting findings, risk assessments, and actionable remediation recommendations
- Present findings and security recommendations to clients and stakeholders
- Collaborate with blue team and security operations teams to improve detection and defensive capabilities through purple team exercises
- Coordinate with global team members across different time zones on multi-regional projects
- Stay current with emerging EDR detection logic, threat actor tooling, evasion research, and offensive security developments
- Contribute to the development of internal tooling, custom implants, evasion frameworks, and red team methodologies
- Participate in knowledge-sharing sessions, mentor junior team members, and create course content for Redfox Cybersecurity Academy
- Support business development activities through technical demonstrations and proof-of-concept engagements
Required Qualifications:
- 1-2 years of demonstrated hands-on experience in red teaming, adversary simulation, offensive security operations, and security reporting
- Deep, practical knowledge of EDR evasion techniques including but not limited to:
  - Userland API unhooking and patching (e.g., Ntdll unhooking)
  - Direct and indirect syscall usage
  - Process injection techniques (process hollowing, DLL injection, thread hijacking, APC injection, etc.)
  - AMSI and ETW bypass techniques
  - Payload obfuscation, encryption, and in-memory execution
  - LOLBins and living-off-the-land techniques
  - Sandbox evasion and anti-analysis techniques
- Hands-on experience designing, deploying, and operating C2 frameworks (Cobalt Strike, Havoc, Brute Ratel, Sliver, etc.) with proper OPSEC - including redirectors, malleable profiles, and domain categorization
- Strong understanding of Windows internals (memory management, process architecture, Win32 API, NT API layer) as it relates to offensive operations
- Proficiency with red team tooling and frameworks (BloodHound, Metasploit, Mimikatz, Rubeus, etc.)
- Strong understanding of Active Directory security architecture, common misconfigurations, and exploitation techniques
- In-depth knowledge of the MITRE ATT&CK framework, threat actor TTPs, and adversary emulation methodologies
- Ability to develop and execute complex, multi-stage attack chains from initial access through to objective completion
- Experience with custom payload and tooling development - ability to write, modify, and adapt offensive tooling, not just run pre-built scripts
- Strong technical writing and documentation skills with attention to detail
- Excellent analytical, problem-solving, and critical thinking capabilities
- Ability to work independently and as part of a distributed global team
- Strong communication skills with the ability to explain technical concepts to non-technical audiences
- Professional demeanor and ability to interact effectively with clients
Optional Qualifications (Good to have):
- Knowledge of cloud security platforms and services (AWS, Azure, Google Cloud Platform) and cloud-specific attack paths
- Experience with container security (Docker, Kubernetes)
- Understanding of DevSecOps practices and CI/CD pipeline security
- Familiarity with compliance frameworks (PCI-DSS, ISO 27001, GDPR, SOC 2, HIPAA)
- Published security research, technical blog posts, or conference presentations
- Contributions to open-source offensive security tools or frameworks
- Experience with scripting and custom tooling development (C, C++, C#, Python, PowerShell, Rust) for offensive purposes
- Familiarity with kernel-level evasion techniques, driver abuse, or PPL bypasses
- Familiarity with wireless security, IoT security, or OT/ICS environments
- Experience with physical security assessments and social engineering operations
- Experience working in cross-functional or international teams
What We Offer:
- Competitive compensation package aligned with global standards
- Opportunity to work with an internationally recognized cybersecurity team across four countries
- Exposure to challenging and diverse security projects across multiple industries and geographies
- Access to world-class training programs, certifications, and professional development opportunities
- Collaborative work environment that encourages innovation and knowledge sharing
- Career progression opportunities within a rapidly growing global organization
- Potential for international assignments and cross-office collaborations
- Professional certification sponsorship and continuous learning budget
How to Apply:
Interested candidates are requested to submit their updated curriculum vitae to [email protected] with the subject line "Application - Red Team Engineer - Endpoint Evasion & C2 Operations - Mumbai".
Equal Opportunity Employer:
Redfox Cybersecurity is an equal opportunity employer committed to building a diverse and inclusive workplace. We welcome applications from candidates of all backgrounds, experiences, and perspectives. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.
Join us in our mission to secure the digital world. Be part of a global team that's shaping the future of cybersecurity.
Redfox Cybersecurity | Mumbai | Toronto | Delaware | London
redfoxsec.com
Job Type: Full-time
Work Location: In person
Pay: ₹49,999.00 - ₹59,999.00 per month