Key Responsibilities:
- Plan and execute red team engagements, including:
- Phishing campaigns (spear-phishing, vishing, smishing) to gain initial access.
- Active Directory attacks (e.g., Kerberoasting, Golden/Silver Ticket, NTLM relay, Pass-the-Hash).
- Internal network penetration testing (lateral movement, privilege escalation, data exfiltration).
- Develop and deliver custom phishing payloads and social engineering tactics.
- Create Proof-of-Concept (PoC) scripts using Python, PowerShell
- Work closely with blue teams and developers to help them understand, reproduce, and mitigate findings.
- Strong aligning with MITRE ATT&CK and OWASP frameworks.
Key Requirements:
- 3+ years of hands-on experience in red teaming, penetration testing, or bug bounty programs with a focus on internal networks.
- Proven expertise in:
- Phishing (crafting and executing targeted campaigns).
- Active Directory exploitation (e.g., BloodHound, Mimikatz, Responder).
- Internal network attacks (pivoting, lateral movement, C2 frameworks). Strong scripting skills in Python, PowerShell.
- Experience with red team tools
- Knowledge of CI/CD pipelines and RedTeam on SDLC