We are looking for a Red Team Member to join our client’s cybersecurity team. This is a fully remote position within a specialized three-person Red Team, with two team members based in Eastern Europe and the hiring manager in the U.S.
As part of this team, you will plan and execute advanced adversary simulations, targeting an organization’s systems, applications, and networks. You will mimic real-world threat actors, leveraging the latest Tactics, Techniques, and Procedures (TTPs) to test and enhance the company’s security posture.
This is a long-term opportunity in an environment that values innovation, strategic offensive security, and continuous research. The team also has a dedicated R&D week every quarter to develop new attack techniques, improve tooling, and stay ahead of evolving security measures.
Responsibilities
Plan, develop, and execute Red Team engagements to identify security weaknesses and bypass defense mechanisms.
Simulate advanced persistent threats (APTs) using Cobalt Strike, Sliver, Empire, Pupy, or other offensive security tools.
Develop or modify custom exploits, payloads, and attack tools to evade modern defense mechanisms.
Leverage Python (or other scripting languages) to automate attacks, develop reconnaissance tools, and enhance existing frameworks.
Exploit Windows environments (required) and Linux environments (bonus).
Analyze and adapt existing Proof-of-Concept (PoC) exploits to ensure compatibility with recent security controls.
Maintain a solid understanding of exploitation techniques, including privilege escalation, lateral movement, and persistence.
Work with network and infrastructure teams to ensure proper access to necessary environments.
Participate in continuous learning and research, dedicating one week per quarter to innovation.
Required Skills & Experience
✅ 6+ years of hands-on experience in Red Team operations, focusing on real-world attack scenarios.
✅ Expertise in Command and Control (C2) frameworks like Sliver, Cobalt Strike, Empire, or Pupy.
✅ Strong Windows exploitation skills (Linux exploitation is a plus).
✅ Proficiency in Python (or other scripting languages) to develop and customize offensive tools.
✅ Ability to reverse-engineer security controls and adapt attack strategies accordingly.
✅ Deep understanding of TTPs used by real-world threat actors.
✅ Ability to modify and adapt public Proof-of-Concept exploits to bypass modern security defenses.
✅ Strong knowledge of network security, Active Directory attacks, lateral movement, and persistence techniques.
✅ OSCP certification (preferred but not mandatory).
Why Join?
⭐ Long-term engagement in a high-impact Red Team role.
⭐ Dedicated R&D time every quarter to innovate and enhance attack techniques.
⭐ Work in a small, skilled, and highly autonomous team.
⭐ Fully remote role with global collaboration.