Principal Security Consultant (Red Team)

About The Role

Our consultants work on everything from client projects to development work and training, dealing with large corporate penetration tests to gaining credit for published advisories. Technical excellence and customer service are key to our work, you will be passionate about finding vulnerabilities while being happy liaising with customers.

Our team is growing, and we need inspiring people to join us and help us to continue to build a world leading cyber security operation whilst benefiting from the opportunity to fulfil their potential.

Based in INDIA, this work will lead on Red Team projects, including threat hunting work, but will have the opportunity to work on projects with worldwide clients, and will form part of our global team of penetration testers who share research, tooling, experience and collaborate freely on projects.

As a respected training provider and the leading provider of training at Black Hat conferences, our penetration testers also have the option of developing training skills and delivering security training, to both private customers, at our own events, and at leading international conferences.

Essential duties & responsibilities:

Plan and execute red team assessments to simulate real-world attack scenarios. Conduct thorough and realistic red team assessments to identify vulnerabilities in our organization's infrastructure, systems, and applications. Collaborate closely with the security team and other stakeholders to define objectives and scope of red team engagements. Research and stay up-to-date with the latest attack techniques, tools, and emerging threats to enhance the effectiveness of red teaming activities. Develop and execute comprehensive attack scenarios that simulate sophisticated, multi-stage cyber attacks. Utilize a variety of tools, technologies, and methodologies to mimic real-world attack vectors, such as social engineering, network exploitation, web application vulnerabilities, and lateral movement. Assess the effectiveness of security controls, incident response procedures, and other defensive measures during red team engagements. Document and communicate findings, including identified vulnerabilities, attack paths, and recommended remediation measures, in clear and concise reports. Collaborate with the security team and relevant stakeholders to prioritize and address identified vulnerabilities and weaknesses. Continuously enhance red teaming methodologies, tools, and processes to keep pace with evolving threats and industry best practices. Contribute to improving the organization’s overall security posture by providing guidance, expertise, and training to staff members.

About You

Essential:7+ years of experience in information security 4+ years of client-facing consulting work experience performing penetration testing. Familiarity with common attack vectors, tools, and techniques used by threat actors. Develop a comprehensive test plan, including goals, targets, and tactics to mimic real-world cyber threats. Conduct simulated cyberattacks, such as phishing, penetration testing, social engineering, and more, to identify vulnerabilities. Utilize a wide range of hacking techniques and tools to exploit weaknesses in the organization's defenses. Proficiency in programming and scripting languages (e.g., Python, PowerShell, Ruby). Strong understanding of network protocols, web applications, and cloud technologies. Certifications such as Offensive Security Certified Professional (OSCP) or Certified Ethical Hacker (CEH) are a plus. Ability to work independently and as part of a collaborative team, managing multiple engagements simultaneously and meeting deadlines. Strong knowledge of various operating systems, network protocols, and security technologies. Assess and enhance the effectiveness of red team methodologies and processes. Proficiency in using a wide range of offensive security tools, frameworks, and scripting languages (e.g., Metasploit, Cobalt Strike, PowerShell, ) to simulate attacks. Excellent analytical and problem-solving skills. Excellent communication skills (written and verbal) with an ability to explain complex topics in a clear and concise manner to both technical and non-technical audiences  Stay proactive in identifying new attack vectors and techniques. Knowledge of cloud services and cloud security controls