IT Red Team Specialist

🌍 Remote, USA 🎯 Full-time 🕐 Posted Recently

Job Description

IT Red Team Specialist (One-Time Engagement)

We are urgently seeking a highly skilled Red Team IT Specialist for a critical, one-time engagement. This project focuses on stress-testing and strengthening the cybersecurity posture of enterprise IT infrastructure. You will simulate real-world cyberattacks to identify vulnerabilities, achieve initial access, conduct post-exploitation activities, and evaluate detection and response capabilities while providing actionable remediation strategies.

Scope of Work & Objectives

Target Environments:

Enterprise IT infrastructure, including:

  • Active Directory environments
  • Cloud platforms (Azure/AWS/GCP)
  • Web applications and APIs
  • Internal networks
  • Endpoints and identity systems
  • OT/ICS environments (where applicable)

Primary Objective:

Assess the organization’s overall security posture by emulating real-world threat actors, identifying security weaknesses, and evaluating detection, response, and recovery capabilities.

Red Team Operations:

Scenario-based adversary emulation aligned with the MITRE ATT&CK (Enterprise Matrix).

Attack Simulations:

  • Initial access via phishing, payload delivery, and credential harvesting
  • Active Directory exploitation (Kerberoasting, Pass-the-Hash, Golden/Silver Ticket attacks)
  • Web application and API exploitation
  • Lateral movement and privilege escalation
  • Data exfiltration simulations
  • Persistence mechanisms and command-and-control (C2) operations
  • Firewall, EDR, and detection evasion techniques

Key Deliverables

  • Detailed attack narrative and adversary path documentation
  • Risk-based vulnerability assessment and impact analysis
  • Detection gap analysis (SOC visibility & response assessment)
  • Executive-level risk summary
  • Tactical remediation roadmap

Required Expertise

  • Proven experience in enterprise Red Team engagements
  • Strong knowledge of Windows internals, Active Directory, and identity-based attacks
  • Hands-on experience with C2 frameworks (e.g., Cobalt Strike, Sliver, Mythic)
  • Deep understanding of network protocols and enterprise architectures
  • Familiarity with cloud security testing (Azure/AWS/GCP)
  • Strong reporting experience for executive and technical audiences

Required Skills

Experience:

  • 5+ years of hands-on experience in Red Teaming, penetration testing, or offensive security
  • Minimum 2+ years conducting VAPT specifically in OT/ICS environments

OT/ICS Expertise:

  • In-depth knowledge of industrial control networks, SCADA systems, and OT security
  • Familiarity with industrial protocols such as Modbus, DNP3, BACnet, OPC UA, and Profinet

Offensive Tools:

  • Proficiency with Cobalt Strike, Metasploit, Empire, BloodHound, Mimikatz, Burp Suite, etc.
  • Familiarity with C2 frameworks like Mythic or Sliver is a plus

Tactical Execution:

  • Proven experience with AD attacks
  • Advanced lateral movement techniques
  • Experience bypassing firewalls, EDR, and network anomaly detection systems

Scripting/Development:

  • Proficiency in Python, PowerShell, Bash, and C/C++ for exploit development and automation

Specialized Knowledge (Preferred):

  • RF security
  • Hardware/embedded device security
  • Firmware analysis

Application Requirement

Interested candidates are requested to submit a detailed proposal or scope document outlining:

  • Proposed testing methodology
  • Tools and frameworks to be used
  • Engagement phases and timeline
  • Required access/assumptions
  • Reporting structure and deliverables
  • Estimated effort and pricing

Only candidates who provide a structured proposal or scope document will be considered.
