Job Title: Red Team EngineerRole Overview
We are looking for a skilled Red Team Engineer who can simulate real-world attacks to identify security gaps across infrastructure, applications, and networks. The role involves hands-on offensive security work, including command-and-control operations, tunneling, and deep protocol-level exploitation.
Key Responsibilities
- Conduct red team engagements to simulate advanced adversary tactics across network, application, and cloud environments
- Design, deploy, and manage Command & Control (C2) infrastructure for covert operations
- Perform network penetration testing, including internal and external attack simulations
- Develop and use tunneling techniques (e.g., pivoting, SOCKS proxies) to bypass network restrictions
- Execute protocol-level security assessments for services such as Redis, MSSQL, PostgreSQL, MongoDB, etc.
- Identify misconfigurations, weak authentication mechanisms, and privilege escalation paths in database services
- Perform lateral movement and persistence techniques within compromised environments
- Assess and exploit weaknesses in CI/CD pipelines (e.g., GitHub, GitLab, Jenkins)
- Collaborate with blue team and engineering teams to validate findings and improve defenses
- Create detailed reports with attack paths, impact analysis, and remediation guidance
Required Skills & Experience
- Strong hands-on experience with Red Teaming / Offensive Security
- Proficiency in C2 frameworks (e.g., Cobalt Strike, Sliver, Mythic or similar)
- Deep understanding of network protocols and pentesting methodologies
- Experience with tunneling, pivoting, and evasion techniques
- Solid knowledge of database security testing:
- Redis exploitation (unauth access, RCE vectors)
- MSSQL exploitation (xp_cmdshell, privilege escalation)
- PostgreSQL and MongoDB security weaknesses
- Experience testing network services and infrastructure (ports, firewalls, segmentation bypass)
- Understanding of CI/CD systems:
- GitHub / GitLab pipelines
- Jenkins configurations and common misconfigurations
- Familiarity with scripting (Python, Bash, or similar) for automation and payload development
- Experience with tools like Nmap, Metasploit, Burp Suite, BloodHound, Impacket, etc.
Work Location: In person