Red Team Lead - Principal Security Engineer

The Hartford
Charlotte, NC
29d
Hybrid

About The Position

We're determined to make a difference and are proud to be an insurance company that goes well beyond coverages and policies. Working here means having every opportunity to achieve your goals - and to help others accomplish theirs, too. Join our team as we help shape the future.

The Opportunity

We're hiring a seasoned Red Team / Adversarial Simulation Lead to elevate our offensive security capability across enterprise, cloud, and business processes. You'll lead a small, senior team conducting full-scope adversary emulations and targeted operations mapped to MITRE ATT&CK to proactively surface risk and measurably improve defenses. You'll partner closely with Incident Response, Threat Intelligence, Cloud Security, Identity, and Engineering leaders to prioritize scenarios that matter most to our customers and business.

This role will have a Hybrid work schedule, with the expectation of working in an office (Columbus, OH, Chicago, IL, Hartford, CT or Charlotte, NC) 3 days a week (Tuesday through Thursday).

Requirements

  • Experience: 5+ years in offensive security (red team, adversary emulation, or advanced penetration testing) with 3+ years leading operations or teams in enterprise environments.
  • Tradecraft: Proficiency in planning and executing multi-stage operations across Windows, Linux, macOS, identity (AAD/Entra), and major clouds (AWS/Azure/GCP).
  • Advanced Evasion & OPSEC Techniques: Ability to bypass modern EDR/XDR, SIEM correlation, and behavioral analytics while maintaining stealth.
  • Active Directory & Hybrid Identity Tradecraft: Domain privilege escalation, trust abuse, and persistence techniques.
  • Framework fluency: Deep familiarity with MITRE ATT&CK and mapping findings to techniques/tactics for detection engineering and risk reporting.
  • Scripting & engineering: Strong hands-on capability with at least two: PowerShell, Python, Go, or C#; comfort building/operating secure C2/labs.
  • Detection awareness: Ability to partner with blue teams to validate EDR/SIEM detections, harden controls, and tune signal-to-noise.
  • Communication: Executive-level storytelling plus clear, reproducible technical documentation.

Nice To Haves

  • Certifications (preferred): OSCP, OSEP, CRTO/CRTP, GIAC (e.g., GXPN, GCTI, GCPN), CISSP.

Responsibilities

  • Demonstrated expertise in establishing and leading Red Team or Adversarial Simulation programs from inception, encompassing the development of governance frameworks and detailed operational playbooks.
  • Lead operations: Plan, authorize, and execute red-team engagements and adversary emulation campaigns across endpoints, identity, applications, cloud, and third-party integrations - safely, ethically, and with strong OPSEC.
  • Support purple teaming: Run collaborative exercises to validate detections and response playbooks; produce actionable improvements for SOC/IR.
  • Use frameworks that scale: Design scenarios and reporting mapped to MITRE ATT&CK to ensure consistent, comparable results.
  • Measure what matters: Define KPIs (detection coverage, time-to-detect, control efficacy) and communicate outcomes and risk reduction to senior stakeholders.
  • Guide tech & tooling: Maintain secure C2/infrastructure and lab environments; evaluate Breach and Attack Simulation tooling and capabilities to complement manual operations.
  • Mentor & grow talent: Set tradecraft standards and coach operators on OPSEC, detections-as-deliverables, and high-impact reporting (exec-ready narratives and technical proof).
  • Champion safety & compliance: Ensure appropriate scoping, approvals, deconfliction, and safety controls for all activities.

What This Job Offers

  • Job Type: Full-time
  • Career Level: Mid Level
  • Industry: Insurance Carriers and Related Activities
  • Education Level: No Education Listed
  • Number of Employees: 5,001-10,000 employees
