Associate Principal – Red Team Consultant

UltraViolet Cyber · Remote, Oregon · Posted 2d ago · via Talent.com

$ cat job-description.txt

Job Description:

- Lead and participate in full-lifecycle red team engagements: scoping, planning, execution, and reporting

- Simulate advanced persistent threat (APT) tactics against enterprise network and cloud environments

- Execute multi-stage attack chains spanning network compromise, Active Directory abuse, cloud environments, and data exfiltration

- Design and conduct social engineering campaigns including phishing, vishing, and smishing operations

- Conduct adversary simulation against hybrid and cloud-native environments (AWS, Azure, GCP)

- Develop custom tooling, payloads, and tradecraft to evade modern defensive controls (EDR, SIEM, CASB)

- Produce high-quality, actionable reports tailored to both technical and executive audiences

- Collaborate with blue team and MDR teams to deliver purple team assessments

- Mentor junior consultants and contribute to internal capability development

- Stay current with emerging threat actor TTPs, tooling, and industry research

Requirements:

- US Citizenship is Required

- 4+ years in offensive security, penetration testing, or red team roles

- Proven experience leading or independently executing full red team engagements (not just component pentests)

- Strong command of red teaming methodologies and attack patterns

- Proficiency with common red team toolkits: Cobalt Strike, Metasploit, Sliver, Havoc, or equivalent C2 frameworks

- Ability to develop and modify offensive tooling (Python, PowerShell, C/C#, or Go)

- Deep knowledge of Active Directory attack paths: Kerberoasting, AS-REP roasting, ACL abuse, DCSync, delegation attacks

- Experience with internal network lateral movement, credential access, and persistence mechanisms

- Familiarity with common enterprise security controls and bypass techniques (AV/EDR evasion, AMSI bypass, LOLBins)

- Understanding of network protocols: SMB, LDAP, Kerberos, DNS, RDP, WinRM

- Hands-on experience attacking cloud infrastructure in at least one major provider (AWS, Azure, or GCP)

- Familiarity with cloud-specific attack paths

- Experience with cloud red team tooling

- Experience designing and executing phishing simulation campaigns (credential harvesting, malware delivery)

- Familiarity with pretexting, vishing, and physical access scenarios

- Understanding of awareness evasion techniques (email gateway bypass, domain aging, spoofing controls)

- Relevant certifications: OSCP, CRTO, CRTE, PNPT, CRTL, or equivalent

- Cloud security certifications (AWS Security Specialty, AZ-900+, or similar) a plus

- Prior consulting or professional services experience in a client-facing capacity

- Experience with TIBER-EU, CBEST, or other regulated red team frameworks

- Published research, CVEs, or conference presentations (DEF CON, Black Hat, etc.) a plus

- Strong written and verbal communication — ability to write clear, concise, and technically accurate reports

- Comfortable presenting findings to C-suite and board-level stakeholders

- Self-directed; able to manage engagement workload with minimal supervision

- Collaborative team player with a mentorship mindset

- Ability to work within legal and ethical boundaries and maintain client confidentiality at all times

- Willingness to travel for on-site engagements as needed (up to ~25%)

first seen 2026-06-19 04:48:01 · last verified 2026-06-21 12:48:01
