
Offensive Security Engineer – Red Team
Posted May 30

This is a fully remote position, open to applicants in India.
• Strategize and implement red team operations across our cloud platforms (AWS/GCP/Azure), internal networks, web applications, and SaaS offerings.
• Mimic realistic attack sequences — from initial access to lateral movement, credential harvesting, privilege escalation, and data exfiltration — utilizing contemporary threat actor methodologies.
• Execute assumed breach scenarios, conduct purple team exercises, and carry out objective-driven engagements, rather than simply performing point-in-time penetration tests.
• Evaluate cloud-specific attack surfaces such as IAM roles and policies, storage misconfigurations, serverless functions, container workloads, and CI/CD pipelines.
• Assess Active Directory and hybrid identity infrastructures for both common and advanced attack vectors.
• Conduct testing on web and API applications related to our main product, examining authentication vulnerabilities, authorization bypasses, and business logic flaws.
• Develop, customize, and sustain offensive tools, scripts, and C2 infrastructure to facilitate engagements.
• Design and oversee red team infrastructure, including attack servers, redirectors, phishing platforms, and operational security measures.
• Create and sustain repeatable testing methodologies and internal playbooks for team utilization and enhancement.
• Analyze and enhance detection capabilities by collaborating closely with our blue team — identifying what is being detected, what is not, and the reasons behind it.
• Produce comprehensive reports that detail attack vectors, evidence, business implications, and remediation strategies — written clearly enough for engineers to act upon without further clarification.
• Communicate findings to both technical teams and non-technical stakeholders, including leadership.
• Monitor remediation progress and verify that fixes effectively address identified vulnerabilities — ensuring thorough resolution rather than superficial compliance.
• Assist in defining the scope, methodology, and maturity of our red team program as it expands.
• Contribute to the development of internal security standards, threat models, and secure design assessments.
• Mentor junior team members and facilitate knowledge sharing throughout the security organization.
• Over 4 years of practical experience in offensive security, penetration testing, or a red team position.
• Proven capability to attack and evaluate cloud environments — AWS, GCP, and Azure — focusing on IAM misuse, privilege escalation, and exploitation of misconfigurations.
• Hands-on experience with security in container and Kubernetes environments (EKS, GKE, AKS).
• Background in testing hosted and on-premises infrastructure, including servers, VPNs, Active Directory, and internal networks.
• Proficient understanding of web application attack methodologies (OWASP Top 10 and beyond).
• Familiarity with the MITRE ATT&CK framework and its application in mapping findings to real-world threat scenarios.
• Experience in composing clear, well-structured findings reports tailored for both technical and non-technical audiences.
• Ability to convey technical risks to individuals who lack security expertise.
• Comfortable working autonomously and managing your own workload effectively.
• Health insurance.
• Opportunities for professional development.