Job Description

Work Locations i.e., Hyderabad/ Bangalore/ Mumbai/ Pune/ Gurgaon/ Kolkata/ Chennai Required Minimum of 7-10 years experience in penetration testing out of which 6 should be in Red Team Deep interest in network protocols, code development and infrastructure Investigative and analytical problem-solving Hands on experience on Phishing Campaign Assessments (PCA), spam filter evasions, campaign designing & creation, obfuscated campaign attachments, multi-factor evasions for phishing, and phishing tools such as GoPhish, Evilginx3, etc. (Red Team) Hands on experience on Breach & Attack Simulation (BAS) tools such as SafeBreach, Scythe, Caldera, etc. (Red team) Ability to leverage threat intelligence feeds and platforms to simulate advanced persistent threat (APT) scenarios during Adversarial Simulation Exercises. Understanding of OpSec considerations during red team operations to avoid detection and compromise. Experience in working collaboratively with defensive teams (e.g., SOC, incident response) to improve detection and response capabilities. Knowledge of industry-specific security regulations and standards (e.g., PCI DSS, HIPAA, GDPR) to ensure testing adheres to legal and compliance requirements. Deep understanding in setting up red team infrastructure with Command & Control (C2) servers, phishing servers, redirectors (long-haul & short-haul), payload delivery servers, domain-fronting servers, etc. (Red Team) Familiarity with Infrastructure-as-Code (IAC) tools like Terraform or Ansible, enabling rapid deployment and teardown of red team infrastructure. Knowledge of advanced web-based attacks like Server-Side Request Forgery (SSRF), Template Injection, and XML External Entity (XXE) attacks. Deep understanding of modern persistence mechanisms like WMI event subscriptions, scheduled tasks, and service principal names. Knowledge of malware development in any language (C/C++, C#, NimLang, GoLang, Rust, etc.), obfuscation & evasion, and experience in reverse engineering using tools like IDA, Ghidra, GDB, etc. (Red Team) Ability to create or modify buffer overflow, heap spraying, and Return Oriented Programming (ROP) exploits. Expertise in evading Endpoint Detection and Response (EDR) systems, Next-Generation Firewalls, and Intrusion Prevention Systems. (Red Team)Hands on experience on utilizing C2 frameworks such as Cobalt Strike, Havoc, Mythic, Sliver, etc. (Red Team) Mastery in lateral movement techniques using tools like BloodHound and Kerberoasting, as well as advanced credential dumping methods. (Red Team)Expertise in advanced AD exploitation techniques like DCSync, DCShadow, or Golden Ticket attacks. (Red Team) Mastery in data exfiltration techniques, including DNS tunneling, ICMP exfiltration, and steganography. (Red Team) Experience in developing, modifying or expanding custom exploits Ability to develop custom tools when off-the-shelf tools don\'t meet requirements. Experience in collecting, analyzing, and interpreting qualitative and quantitative data from defined security services related sources (tools, monitoring techniques etc.) Familiarity with Secure Development Lifecycle (SDL) practices and how they relate to red teaming, ensuring the development team understands and rectifies vulnerabilities correctly. Understanding of at least one cloud environment such as AWS, GCP, Azure and Ali Cloud Knowledge of attacks specific to cloud services, such as AWS\'s SSRF leading to IAM Role compromise or Azure\'s AD integration exploits. Hands on experience in penetration testing of mobile, desktop and web applications Ability to work in a team environment, including collaborating with other red team members and sharing knowledge and techniques. Demonstrated commitment to continuous learning, including staying updated with the latest vulnerabilities, exploits, and red team techniques. Experience in building utility programs for improving efficiencies Possession of excellent oral and written communication skill Knowledge of one or more scripting languages for automation and complex searches Understanding of leading vulnerability scoring standards, such as CVSS, and ability to translate vulnerability severity as security risk; and Preferably OSCP/OSWE/OSED/OSEP/OSCE3/CRTO certified or CREST certified simulated Attack Specialist

foundit