Associate Principal Red Team Consultant

Make a difference here.

What You’ll Do:

– Lead and participate in full-lifecycle red team engagements: scoping, planning, execution, and reporting
– Simulate advanced persistent threat (APT) tactics against enterprise network and cloud environments
– Execute multi-stage attack chains spanning network compromise, Active Directory abuse, cloud environments, and data exfiltration
– Design and conduct social engineering campaigns including phishing, vishing, and smishing operations
– Conduct adversary simulation against hybrid and cloud-native environments (AWS, Azure, GCP)
– Develop custom tooling, payloads, and tradecraft to evade modern defensive controls (EDR, SIEM, CASB)
– Produce high-quality, actionable reports tailored to both technical and executive audiences
– Collaborate with blue team and MDR teams to deliver purple team assessments
– Mentor junior consultants and contribute to internal capability development
– Stay current with emerging threat actor TTPs, tooling, and industry research

What You Have:

US Citizenship is Required

Core Offensive Security

– 4+ years in offensive security, penetration testing, or red team roles
– Proven experience leading or independently executing full red team engagements (not just component pentests)
– Strong command of red teaming methodologies and attack patterns
– Proficiency with common red team toolkits: Cobalt Strike, Metasploit, Sliver, Havoc, or equivalent C2 frameworks
– Ability to develop and modify offensive tooling (Python, PowerShell, C/C#, or Go)

Network & Infrastructure

– Deep knowledge of Active Directory attack paths: Kerberoasting, AS-REP roasting, ACL abuse, DCSync, delegation attacks
– Experience with internal network lateral movement, credential access, and persistence mechanisms
– Familiarity with common enterprise security controls and bypass techniques (AV/EDR evasion, AMSI bypass, LOLBins)
– Understanding of network protocols: SMB, LDAP, Kerberos, DNS, RDP, WinRM

Cloud Environments

– Hands-on experience attacking cloud infrastructure in at least one major provider (AWS, Azure, or GCP)
– Familiarity with cloud-specific attack paths

– Experience with cloud red team tooling

Social Engineering

– Experience designing and executing phishing simulation campaigns (credential harvesting, malware delivery)
– Familiarity with pretexting, vishing, and physical access scenarios
– Understanding of awareness evasion techniques (email gateway bypass, domain aging, spoofing controls)

Preferred Qualifications

– Relevant certifications: OSCP, CRTO, CRTE, PNPT, CRTL, or equivalent
– Cloud security certifications (AWS Security Specialty, AZ-900+, or similar) a plus
– Prior consulting or professional services experience in a client-facing capacity
– Experience with TIBER-EU, CBEST, or other regulated red team frameworks
– Published research, CVEs, or conference presentations (DEF CON, Black Hat, etc.)
– Familiarity with threat intelligence and threat actor emulation planning

Soft Skills & Professional Requirements

– Strong written and verbal communication — ability to write clear, concise, and technically accurate reports
– Comfortable presenting findings to C-suite and board-level stakeholders
– Self-directed; able to manage engagement workload with minimal supervision
– Collaborative team player with a mentorship mindset
– Ability to work within legal and ethical boundaries and maintain client confidentiality at all times
– Willingness to travel for on-site engagements as needed (up to ~25%)

Originally posted on Himalayas