Posted on: 23/07/2025
We are looking for an experienced Red Team Security Assurance Analyst to join our Cyber Resilience & Defence team.
In this role, you will lead offensive security operations, conduct simulated cyber-attacks, and support security assurance activities.
You will apply industry frameworks like MITRE ATT&CK, leverage Cyber Threat Intelligence (CTI), perform Threat Hunting, and contribute to Digital Forensics and Incident Response (DFIR).
Your role will be critical in identifying vulnerabilities, testing organizational defenses, and developing realistic attack simulations to enhance the cyber resilience of our clients.
Key Responsibilities:
- Plan and execute advanced Red Team assessments, simulating real-world threat actor tactics and techniques.
- Conduct physical and social engineering attacks, including tailgating, impersonation, and pretexting.
- Develop and deploy custom payloads and exploits in controlled environments for testing detection and response capabilities.
- Design impactful attack scenarios based on client-specific use cases and threat models.
- Analyze and apply CTI from open and commercial sources to inform red team tactics and threat simulations.
- Execute threat hunting campaigns to identify hidden threats and persistence mechanisms.
- Leverage the MITRE ATT&CK framework to map adversarial techniques and identify gaps in detection and response.
- Conduct post-exercise assessments and provide actionable reports to stakeholders.
- Support Digital Forensics and Incident Response (DFIR) activities in the event of actual or simulated incidents.
- Collaborate with Blue Teams to improve security controls based on red teaming outcomes.
Required Technical Skills:
- 5+ years of hands-on experience in Red Teaming, Offensive Security, or Adversary Simulation.
- In-depth knowledge of MITRE ATT&CK, cyber threat intelligence sources, and detection frameworks.
- Strong practical experience in DFIR, including memory forensics, log analysis, and root cause analysis.
- Familiarity with tools like Cobalt Strike, Metasploit, Burp Suite, Empire, BloodHound, Mimikatz, etc.
- Scripting and automation experience (e.g., Python, PowerShell) is a plus.
Design & Development Capabilities:
- Tailgating, badge cloning, facility access manipulation.
- Custom malware and exploit development aligned with current threat vectors.
- Tailored attack scenarios for client-specific environments and industries.
Certifications:
- OSCP, OSCE, OSEP
- CISSP, GIAC (GCIH, GPEN, GCFA, GNFA)
Posted in: CyberSecurity
Functional Area: IT Security
Job Code: 1518497