Research and analyze current threat actors, tools, techniques, and methodologies
Target Reconnaissance: Perform OSINT-based intelligence gathering on target organizations
Adversary Simulation: Design and execute realistic attack scenarios (network, application, cloud, social engineering)
Penetration Testing: Conduct targeted testing on servers, databases, endpoints, and applications
Threat Emulation: Use MITRE ATT&CK TTPs to mimic real-world adversaries
Post-Exploitation Activities: Persistence, lateral movement, and privilege escalation
Covert Operations: Maintain stealth to evade detection
Detection & Response Validation: Assess SOC monitoring and incident response effectiveness
Reporting & Documentation: Provide detailed reports with vulnerabilities, attack paths, and remediation steps
Collaboration: Work closely with Blue Teams and stakeholders to strengthen defenses
Tool Development: Create or customize scripts, exploits, and automation tools
Continuous Learning: Stay updated with emerging threats and security technologies
Required Skills & Qualifications
Strong knowledge of network protocols, Windows/Linux OS, and cloud environments
Essential Technical Skills:
Web Application Security Testing
Mobile Application Security (Android & iOS)
Cloud Security Testing
Active Directory Security Testing
Malware Development & Analysis
Memory Exploitation
Experience with