Senior Red Team Operator

The Threat Management Senior Red Team Operator is a cybersecurity professional responsible for leading and executing end-to-end adversary emulation activities across the enterprise. This role serves as a subject matter expert in simulating realistic attack scenarios, including social engineering, credential access, lateral movement, persistence, and ransomware-based attack paths, to assess and validate the organization’s ability to detect, respond to, and withstand real-world threats.

The Red Team Operator is not a traditional penetration tester but instead focuses on full attack chain execution aligned to threat-informed scenarios, business risk, and known control gaps. This role requires a strategic and technical operator capable of planning, coordinating, and executing complex engagements while collaborating closely with Incident Response, Threat Intelligence, Detection Engineering, and Application Security teams to drive measurable improvements in enterprise security posture.

This role reports directly to the Senior Manager – Threat Management

- Serve as the lead operator for adversary emulation activities, executing end-to-end attack scenarios across enterprise environments.

- Plan and execute realistic attack chains including initial access, social engineering, credential access, lateral movement, persistence, and ransomware simulation.

- Act as the primary subject matter expert during Red Team engagements, guiding execution strategy and adapting based on environmental conditions.

- Translate threat intelligence, business risk, and known control gaps into prioritized attack scenarios.

- Collaborate with Threat Intelligence to ensure alignment with real-world adversary tactics, techniques, and procedures (TTPs).

- Partner with Incident Response and Detection Engineering teams to validate detection, response, and triage effectiveness during simulations.

- Expand findings beyond isolated vulnerabilities by chaining weaknesses into full attack paths.

- Document engagement activities, findings, and recommendations with a focus on actionable improvements.

- Support post-engagement reviews to identify detection gaps, control weaknesses, and response improvements.

- Assist in the development and refinement of adversary emulation methodologies, playbooks, and procedures.

- Collaborate with Application Security to validate whether vulnerabilities can be exploited in realistic scenarios.

- Maintain and operate Red Team infrastructure, tooling, and testing environments.

- Support tabletop exercises and purple team engagements to enhance organizational readiness.

- Stay current on emerging adversary techniques, tools, and tradecraft.

This is a remote position.

This position is not eligible for sponsorship for work authorization now or in the future, including conversion to H1-B visa. Must be legally authorized to work in the country of employment without needing sponsorship for employment work visa status now or in the future.

Job duties include contact with other employees and access confidential and proprietary information and/or other items of value, and such access may be supervised or unsupervised. The Company therefore has determined that a review of criminal history is necessary to protect the business and its operations and reputation and is necessary to protect the safety of the Company’s staff, employees, and business relationships.

Formal Education & Certification

- Bachelor’s degree (or foreign equivalent) in a Computer Science, Computer Engineering, or Information Technology field of study (., Information Technology, Electronics and Instrumentation Engineering, Computer Systems Management, Mathematics) or equivalent experience.

- Relevant certifications such as OSCP, CRTO, GPEN, or similar are preferred.

Knowledge & Experience

- 5+ years IT/Cybersecurity experience.

- Proven experience executing adversary emulation, Red Team, or advanced security testing activities.

- Strong understanding of attack methodologies across enterprise environments, including identity systems, endpoints, networks, and cloud platforms.

- Experience with social engineering techniques and user-focused attack vectors.

- Familiarity with lateral movement, privilege escalation, and persistence mechanisms.

- Understanding of ransomware behaviors and attack patterns.

- Experience operating within structured attack frameworks such as MITRE ATT&CK.

- Ability to adapt attack execution based on detection and defensive controls.

- Strong communication skills with the ability to translate technical findings into business risk.

- Ability to operate independently and lead complex engagements in dynamic environments.

Preferred Experience

- Experience with command-and-control frameworks (., Sliver, Cobalt Strike, or similar).

- Familiarity with identity and Active Directory attack tooling (., BloodHound, Impacket, Mimikatz or equivalent techniques).

- Experience with reconnaissance and enumeration tools (., Nmap, NetExec, or similar).

- Exposure to phishing and social engineering platforms (., GoPhish or equivalent).

- Familiarity with cloud security assessment and attack tooling (., ScoutSuite or similar platforms).

- Experience managing Red Team infrastructure, including VPS environments, domain setup, and attack staging infrastructure.

- Exposure to adversary emulation validation platforms or automated testing solutions preferred (., Safe Breach)

- Experience collaborating with SOC, Detection Engineering, or Incident Response teams in a CSOC or MSSP environment.

- Must be eighteen years or older.