Who We Are
Boston Consulting Group partners with leaders in business and society to tackle their most important challenges and capture their greatest opportunities. BCG was the pioneer in business strategy when it was founded in 1963. Today, we help clients with total transformation-inspiring complex change, enabling organizations to grow, building competitive advantage, and driving bottom-line impact.
To succeed, organizations must blend digital and human capabilities. Our diverse, global teams bring deep industry and functional expertise and a range of perspectives to spark change. BCG delivers solutions through leading-edge management consulting along with technology and design, corporate and digital ventures—and business purpose. We work in a uniquely collaborative model across the firm and throughout all levels of the client organization, generating results that allow our clients to thrive.
What You'll Do
As a Red Team Operator within the Offensive Security team, you will participate in adversary emulation exercises and security assessments that test the resilience of BCG’s people, processes, and technology. You will develop your offensive security skills in a structured environment, gaining hands-on experience across a broad range of attack techniques and defensive technologies.
You will work alongside senior red team practitioners on end-to-end engagements, contributing to technical execution while building your understanding of adversary tradecraft, threat intelligence, and enterprise security architectures. This is an excellent opportunity for a security professional looking to grow within a world-class offensive security program.
Responsibilities Include
-
Support the planning and execution of red team engagements, including reconnaissance, initial access, post-exploitation, and lateral movement phases.
-
Conduct phishing simulations, social engineering campaigns, and assume-breach exercises under the direction of senior team members.
-
Assist in the development and maintenance of offensive tooling, attack infrastructure, and automation scripts to support engagement operations.
-
Perform vulnerability assessments and penetration testing across network, endpoint, web application, and cloud environments.
-
Document attack paths, findings, and technical evidence to support high-quality engagement reports.
-
Contribute to purple team exercises by collaborating with detection and response teams to validate and improve security controls.
-
Research emerging attack techniques, threat actor TTPs, and AI led offensive security tooling to enhance team capabilities.
-
Participate in post-engagement reviews and knowledge-sharing sessions to support continuous improvement of Red Team methodologies.
-
Assist in maintaining and operating command-and-control infrastructure and offensive security platforms.
-
Support the development of internal training materials, playbooks, and documentation for the Offensive Security team.
What You'll Bring
-
1–3 years of experience in offensive security, penetration testing, or a related cybersecurity discipline.
-
Foundational knowledge of enterprise attack techniques across Active Directory, endpoints, networks, and web applications.
-
Exposure to common offensive security tools and frameworks such as Metasploit, BloodHound, Burp Suite, or equivalent.
-
Basic scripting or programming skills in Python, PowerShell, or Bash for task automation and tooling support.
-
Understanding of networking fundamentals, operating system internals, and common security protocols.
-
Familiarity with the MITRE ATT&CK framework and common adversary tactics, techniques, and procedures.
-
Strong analytical and problem-solving skills with a keen interest in understanding how attackers think and operate.
-
Ability to document technical findings clearly and communicate results to peers and team leads.
-
Eagerness to learn, take direction from senior practitioners, and grow within a structured offensive security program.
-
Exposure to cloud environments (Azure, AWS, or Google Cloud) is advantageous.
-
Participation in CTF competitions, bug bounty programs, or personal security research projects is valued.
-
Familiarity with basic reverse engineering, malware analysis, or exploit research is a bonus.
-
Understanding of defensive security concepts and technologies such as SIEM, EDR, and network monitoring is beneficial.
Who You'll Work With
You will be part of the Global Information Security organization, embedded within the Offensive Security team. You will work alongside senior red team practitioners, gaining exposure to a wide range of adversary emulation techniques and security assessment methodologies.
You will also interact with Incident Response teams, Security Operations, Information Technology, and Infrastructure colleagues as part of collaborative purple team exercises and cross-functional security improvement initiatives.
Additional info
This is an internal corporate security role supporting BCG’s global cybersecurity program.
Boston Consulting Group is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity / expression, national origin, disability, protected veteran status, or any other characteristic protected under national, provincial, or local law, where applicable, and those with criminal histories will be considered in a manner consistent with applicable state and local laws.