Principal Red Team Operator / Leader - Hybrid

Swift Transportation
Manassas, VA
Hybrid

About The Position

Swift is seeking an experienced Red Team leader to research, plan, and conduct advanced adversary emulation campaigns across our enterprise environments and conduct purple teaming activities to evolve the detection capabilities of our internal SOC. This role combines deep hands-on technical knowledge of Red Team operations, tooling, infrastructure, and operator development. You will design and direct large-scale adversary simulations, coordinate multi-operator campaigns, and ensure Red Team tradecraft remains ahead of evolving organizational defenses. You will be responsible not only for executing complex offensive operations, but also for shaping Red Team capability, mentoring operators, and translating offensive outcomes into measurable defensive improvement. In addition to the responsibilities described above, this role includes direct people management responsibilities, including leading, coaching, and developing team members, conducting performance management evaluations, and supporting hiring and workforce planning efforts.

Requirements

  • Bachelor's degree in Computer Science or related field
  • 10+ years of relevant experience
  • Offensive Security Certified Professional (OSCP) or higher OffSec certification
  • Proven experience leading and executing Red Team operations and adversary simulations
  • Advanced skills across network, application, cloud, wireless and hybrid penetration testing
  • Strong command of the exploitation lifecycle (reconnaissance, initial access, persistence, privilege escalation, lateral movement, data exfiltration)
  • Experience with Active Directory exploitation, Linux privilege escalation, kernel-level techniques, and cloud identity systems
  • Ability to chain vulnerabilities and bypass modern endpoint detection technologies
  • Proficiency with Red Team tooling, including C2 frameworks, scanners, phishing platforms and OPSEC tooling
  • Deep understanding of persistence mechanisms, identity-based attacks and stealth tradecraft
  • Familiarity with the MITRE ATT&CK framework and adversary emulation methodologies
  • Strong technical writing and reporting capabilities
  • Strong presentation skills and ability to tailor the message to the intended audience
  • Demonstrated ability to mentor operators and lead technical teams
  • Demonstrated experience supporting Purple Team exercises and detection engineering
  • Demonstrated experience managing or coordinating multi-operator Red Team engagements

Nice To Haves

  • Experience developing custom exploits, scripts, and automation
  • Experience aligning operations with regulatory frameworks such as TIBER or similar threat-led testing standards
  • Offensive Security Exploit Expert (OSEE)
  • Certified Red Team Operator Level II (CRTO II) or equivalent advanced adversary simulation certifications
  • GIAC Red Team Professional (GRTP), where available
  • Offensive Security Experienced Penetration Tester (OSEP) and/or Offensive Security Web Expert (OSWE)
  • Advanced SANS coursework (e.g., SEC760, SEC660)
  • Cloud exploitation and identity attack specialization training

Responsibilities

  • Architect, monitor and execute end-to-end adversary simulations across enterprise, cloud and hybrid infrastructures
  • Lead and coordinate multi-operator exploitation teams, managing simultaneous kill chains and campaign logistics
  • Direct complex Red Team engagements from reconnaissance and initial access through persistence, lateral movement and data exfiltration
  • Design and execute network, application, wireless, physical and cloud penetration tests
  • Build, operate, and maintain Red Team infrastructure, including command-and-control (C2) ecosystems, phishing platforms and operational security (OPSEC) tooling
  • Develop and operationalize custom tooling, payloads, automation and exploitation chains
  • Research and implement advanced evasion techniques against SIEM, EDR, and XDR platforms
  • Ensure operational realism, safety, and compliance with internal policy, legal constraints, and regulatory requirements
  • Align Red Team operations with the MITRE ATT&CK framework and threat-led industry testing standards
  • Lead Purple Team exercises and translate offensive findings into prioritized defensive improvements
  • Partner with SOC, Threat Intelligence, Risk Management, and Engineering teams to strengthen detection and response maturity
  • Mentor and develop junior and mid-level operators, sharing techniques, lessons learned, and tooling improvements
  • Foster an environment of internal information sharing
  • Interpret technical exploitation in the context of business risk and control effectiveness
  • Communicate technical risk clearly to security leadership and key stakeholders
  • Produce high-quality After-Action Reports (AARs), executive summaries, and technical documentation
  • Ensure that all Red Team related processes adhere to governance and regulatory requirements

Benefits

  • medical, dental, vision and life insurance with no premium costs for our employees and their families
  • retirement plan plus matching 401k
  • structured training
  • certification sponsorship
  • long-term career development opportunities
  • flexible work from home (WFH) schedule