*key responsibilities*:
- *red team operations*: plan, execute, and report on operations including assumed breach, initial access, lateral movement, persistence, and data exfiltration.
- *cloud penetration testing*: conduct assessments across aws, azure, and gcp, identifying misconfigurations, privilege escalation paths, identity attacks, and container security issues.
- *offensive tooling*: use and customize tools such as cobalt strike, outflank, core impact, silver, bloodhound, burp suite, develop and utilize custom tooling; and develop custom scripts for post-exploitation and evasion.
- *threat simulation*: develop realistic threat scenarios based on mitre att&ck, apt tactics, and current breach trends.
- *reporting*:write detailed, high-quality reports outlining technical vulnerabilities and exploitation techniques, severity levels, steps to reproduce, and actionable remediation steps.
- *client communication*:brief clients on findings and provide strategic guidance on remediation, overall risk reduction, and tactics to increase security posture.
- *methodology development*:contribute to the advancement of internal testing methodologies, tooling creation and improvements, and red team infrastructure.
- *security research*: stay current with emerging threats, cves, offensive tactics, and evolving cloud security techniques.
- *skill development*:perform ongoing research, analysis, and testing to enhance individual and team technical capabilities.
- *engagement scoping*: assist in defining scope, estimating effort, and drafting statements of work (sows), including recommending tailored solutions for client needs.
- *mentorship*:coach and mentor less experienced staff, or those less experienced in specific expertise areas, to support professional development and service excellence.
- *team training*:train colleagues on areas of expertise and develop repeatable learning paths to support scalable team growth.
- *content development*: contribute to creating blog posts, articles, marketing or training materials, and participating in webinars or customer conferences.
*required qualifications*:
- bachelor's degree in computer science, information technology, or a related field, or equivalent experience.
- 3+ years of professional experience in penetration testing and offensive security consulting.
- at least 2 years of experience conducting red team operations.
- at least 2 years of practical experience in cloud penetration testing (aws, azure, etc.), including identification and exploitation of misconfigurations and iam vulnerabilities.
- generalized penetration testing experience in areas such as infrastructure penetration testing, and manual web, mobile, or api penetration testing.
- ability to simulate real-world adversarial techniques and develop creative attack chains in controlled environments.
- strong understanding of network protocols, active directory, privilege escalation techniques
- demonstrated experience with c2 frameworks (cobalt strike, silver, etc.)
- proficiency in scripting or coding languages (python, powershell, bash, etc.)
*preferred qualifications*:
- experience leading technical projects, mentoring peers, or contributing to the development of team best practices.
- prior experience with cloud security or development security operations a plus
- experience with mentoring and training within teams and partnering with marketing teams to create valuable content for customers and prospects.
pay: up to $85,* per month
work location: hybrid remote in *, americana, jal.
application deadline: 06/06/2025