cloudrann
Senior Red Team Operator / Penetration Tester
Rate: DOE
Location: San Jose, CA (local candidates only)
Duration: 12+ months
Position Summary
We are seeking a highly skilled Senior Red Team Operator / Penetration Tester to identify, simulate, and validate real-world cyber threats against our organization. The successful candidate will conduct offensive security assessments, emulate advanced adversary tactics, and provide actionable recommendations to improve the organization’s security posture.
This role requires expertise in penetration testing, red teaming, adversary emulation, attack simulation, and security research across on-premises, cloud, application, and enterprise environments.
Key Responsibilities
Red Team Operations
Plan, execute, and lead red team engagements that simulate real-world threat actors.
Perform adversary emulation exercises based on known threat actor techniques.
Develop attack scenarios to test detection, response, and recovery capabilities.
Conduct stealth operations while avoiding detection by security controls where appropriate.
Execute phishing simulations, social engineering assessments, and user-awareness testing when authorized.
Penetration Testing
Perform internal and external network penetration tests.
Conduct web application, API, mobile application, cloud, wireless, and infrastructure security assessments.
Identify vulnerabilities, security weaknesses, and attack paths.
Validate the effectiveness of security controls through exploitation activities.
Conduct privilege escalation and lateral movement testing.
Verify remediation efforts through retesting.
Offensive Security Engineering
Develop custom tools, scripts, and automation for offensive security operations.
Create and maintain attack infrastructure and testing environments.
Research emerging attack techniques, vulnerabilities, and exploitation methods.
Build and maintain testing methodologies aligned with industry standards.
Develop proof-of-concept exploits where appropriate.
Security Validation & Purple Teaming
Collaborate with security operations teams to improve detection and response capabilities.
Test and validate endpoint, network, and cloud security controls.
Map findings and attack techniques to the MITRE ATT&CK framework.
Support purple team exercises to enhance defensive capabilities.
Assist in improving security monitoring and threat detection use cases.
Reporting & Communication
Produce detailed technical assessment reports.
Present findings, attack paths, and business risks to technical and non-technical stakeholders.
Provide prioritized remediation recommendations.
Document methodologies, tools used, and lessons learned from engagements.
Required Qualifications
5+ years of hands-on penetration testing or red team experience.
Strong understanding of:
Network protocols and architectures
Active Directory security
Windows, Linux, and macOS security
Cloud platforms (AWS, Azure, GCP)
Web application security
Authentication and identity systems
Endpoint detection and response technologies
Experience conducting:
Internal network assessments
External penetration testing
Web application testing
Cloud security assessments
Red team engagements
Proficiency with scripting and automation:
Python
PowerShell
Bash
Technical Skills
Offensive Security Tools
Experience with tools such as:
Burp Suite Professional
Metasploit Framework
Cobalt Strike
BloodHound
Nmap
Mimikatz
Impacket
Cloud & Identity Security
AWS security testing
Azure security testing
Identity and access management assessments
Container and Kubernetes security testing
Desired Attributes
Strong analytical and problem-solving skills.
Ability to think like an attacker while maintaining ethical standards.
Excellent communication and report-writing abilities.
Experience working independently and leading offensive security engagements.
Ability to explain technical findings to executive and business stakeholders.
Success Metrics
Quality and impact of identified security findings.
Successful completion of red team and penetration testing engagements.
Reduction of organizational attack surface.
Improvement in detection and response capabilities.
Timely and actionable reporting of vulnerabilities and risks.
Contribution to security strategy and continuous improvement initiatives.
To apply for this job email your details to praveenn@cloudraninc.com