Red Team Cyber Expert at Lams Technology LLC
Remote, Oregon, USA
Full Time

Start Date: Immediate
Expiry Date: 19 Nov, 25
Salary: 200000.0
Posted On: 19 Aug, 25
Experience: 0 year(s) or above
Remote Job: Yes
Telecommute: Yes
Sponsor Visa: No

Skills: CREST, High Proficiency, Bash, EDR, IDA Pro, Active Directory, Protocol Analysis, Debuggers, Fuzzing, PowerShell, Vulnerability, Wireshark, Kerberos, IDS, Authentication Protocols, SIEM, Operating Systems, Nmap, Conference Presentations, Windows, CISSP, AWS

Industry: Information Technology/IT

Description

Principal Red Team Operator / Subject Matter Expert (SME) - 10+ Years Hands-On Experience
Location: 100% Remote
Employment Type: Full-Time
Salary Range: [$160,000 - $200,000+] + Benefits (Highly Competitive, Commensurate with Expertise)
The Mission
We seek a battle-hardened, highly technical Principal Red Team Operator and SME with a minimum of 10 years of direct, hands-on red teaming experience. You are not just a tester; you are a strategic adversary emulator, a master tactician, and a trusted advisor. Your mission is to lead and execute complex, objective-based adversarial simulations against our most critical assets, relentlessly challenging our people, processes, and technologies to expose systemic weaknesses before real attackers do. You will shape our defensive strategy, mentor elite operators, and drive tangible improvements in our security posture.

Key Responsibilities

  • Lead & Execute Complex Red Team Engagements:
      • Design, scope, plan, and execute sophisticated, multi-faceted red team campaigns aligned with threat intelligence and specific business risks (e.g., data exfiltration, financial fraud, operational disruption, reputational damage).
      • Employ advanced Tactics, Techniques, and Procedures (TTPs) mimicking sophisticated adversaries (e.g., APTs, eCrime, Insider Threats) across the entire Cyber Kill Chain and MITRE ATT&CK framework.
      • Conduct deep reconnaissance, establish persistent footholds, perform privilege escalation (local, domain, cloud), execute lateral movement, achieve objective completion, and maintain stealth against mature defenses (EDR, NDR, SIEM, SOC).
      • Operate ethically within strict Rules of Engagement (RoE).
  • Mastery of Diverse Attack Vectors & Environments:
      • Network: Advanced exploitation of internal/external network infrastructure, protocols, and services (AD exploitation - Kerberoasting, Golden Ticket, DCSync; network device vulnerabilities, custom protocol attacks).
      • Cloud: Deep offensive expertise in major cloud platforms (AWS, Azure, GCP) – attacking IAM misconfigurations, vulnerable serverless functions, container escapes (Kubernetes/Docker), cloud storage, management planes.
      • Endpoint: Bypass and evasion of modern EDR/XDR solutions, AV, and host-based protections. Develop and deploy custom malware, loaders, and persistence mechanisms. Memory analysis and manipulation.
      • Web & API: Exploit complex business logic flaws, chained vulnerabilities, and authorization bypasses in modern web apps and APIs beyond the OWASP Top 10.
      • Physical & Social Engineering: Plan and execute physical intrusion tests, badge cloning, lock bypass. Design and run highly targeted social engineering campaigns (spear phishing, vishing, pretexting).
      • Mobile: Attack mobile applications (iOS/Android) and their backend infrastructure, including reverse engineering and exploiting mobile-specific vulnerabilities.
      • Wireless: Exploit enterprise wireless networks (WPA2/3-Enterprise), rogue AP attacks, proximity-based attacks (Bluetooth, NFC).
      • ICS/SCADA, IoT, Embedded Systems, Custom Hardware attacks.
  • Tool Development & Customization:
      • Develop, modify, and maintain custom offensive tools, scripts (Python, PowerShell, C#, C/C++, Go), implants, C2 frameworks, and evasion techniques tailored to specific engagement needs and to bypass defensive technologies.
      • Contribute to open-source offensive security projects.
  • Defensive Evasion & Counter-Forensics:
      • Expertly employ techniques to avoid detection (log manipulation, timestomping, living-off-the-land binaries - LOLBAS, trusted process abuse, memory-only execution, network covert channels).
      • Understand and actively test defensive telemetry and detection capabilities.
  • Purple Teaming & Collaboration:
      • Lead structured Purple Team exercises to validate detection and response capabilities, providing immediate feedback and coaching to Blue Team/SOC analysts.
      • Collaborate closely with Threat Intelligence to ensure TTPs are relevant and realistic.
      • Partner with Detection Engineering to build robust detections based on findings.
  • SME Leadership & Mentorship:
      • Act as the ultimate technical authority on advanced offensive security within the organization.
      • Mentor and technically lead junior and mid-level red team members.
      • Develop and refine red team methodologies, playbooks, and operational security (OPSEC) procedures.
      • Drive innovation in red teaming tools and techniques.
  • Strategic Reporting & Communication:
      • Produce executive-level and deeply technical reports that clearly articulate attack paths, business impact, systemic security gaps, and prioritized strategic recommendations.
      • Deliver compelling briefings to technical teams, senior leadership (CISO, CIO, CTO), and potentially the Board.
      • Translate complex technical findings into actionable business risk.
  • Research & Threat Emulation:
      • Conduct independent research on emerging vulnerabilities, attack vectors, and adversary TTPs.
      • Develop and emulate specific threat actor profiles based on intelligence reports.

Required Qualifications & Experience (Non-Negotiable)

  • 10+ Years of Direct Hands-On Red Teaming Experience: Proven track record leading and executing complex, objective-based adversarial simulations in large, well-defended enterprise environments. Penetration testing experience alone is insufficient.
  • Deep & Demonstrable Technical Mastery:
      • Operating Systems: Expert-level understanding of Windows and Linux/Unix internals, security mechanisms, and exploitation techniques.
      • Networking: Mastery of TCP/IP, routing, switching, firewall evasion, network protocol analysis and exploitation.
      • Active Directory: Offensive AD expertise (Kerberos, authentication protocols, exploitation techniques like Golden Ticket, DCSync, ACL attacks, BloodHound).
      • Cloud Security Offense: Proven experience attacking AWS, Azure, and/or GCP at an advanced level (IAM privilege escalation, instance compromise, storage attacks, serverless abuse).
      • Programming/Scripting: High proficiency in Python, PowerShell, Bash. Strong ability in C/C++, C#, or Go for tool development/modification.
      • Exploit Development: Understanding of vulnerability analysis, fuzzing, and basic exploit development/modification for common vulnerabilities.
      • Modern Defenses: Extensive experience bypassing and operating against EDR, XDR, SIEM, IDS/IPS, hardened endpoints, and network segmentation.
      • OPSEC & Counter-Forensics: Deep understanding and practical application of operational security and anti-forensic techniques.
      • Tool Proficiency: Expert command of industry-standard and custom tools (e.g., Cobalt Strike, Mythic, Sliver, Covenant, Metasploit, Burp Suite Pro, Nmap, Wireshark, BloodHound, ADExplorer, cloud exploitation frameworks (Pacu, Stormspotter, MicroBurst), debuggers (WinDbg, gdb), disassemblers).
      • Methodology & Frameworks: Deep understanding and application of red team methodologies, Cyber Kill Chain, MITRE ATT&CK framework, and threat modeling concepts.
  • Advanced Certifications (Must Have at Least One):
      • Offensive Security Certified Expert (OSCE³ / OSEE)
      • CREST Certified Simulated Attack Specialist (CCSAS) / CREST Certified Simulated Attack Manager (CCSAM)
      • SANS GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
      • Zero Point Security CRTO / CRTP / CRTE (or equivalent depth)