Job Title: Assistant Manager | Red Teaming | Mumbai | Cyber Defense & Resilience

Job requisition ID: 96455
Date: Jan 19, 2026
Location: Mumbai
Designation: Assistant Manager
Entity: Deloitte India LLP

Job Title: Red Team Specialist

Experience: 3 to 5 Years

Location: Mumbai (Full-Time | Work From Office)

Industry: BFSI

Certifications: OSCP, CRTP, or equivalent

Tools Exposure: Cymulate, Picus, or other CART/BAS platforms

Job Summary:

We are seeking an experienced Red Team Specialist with a strong background in offensive security and hands-on experience in conducting Red Team engagements across various vectors. The ideal candidate will be responsible for simulating sophisticated cyber-attacks to test and enhance our clients' detection and response capabilities, especially within the BFSI sector.

Key Responsibilities:

  • Plan and execute Red Team engagements simulating realistic threat actor scenarios (external, internal, and physical).
  • Conduct assumed breach assessments, initial access simulations, lateral movement, and exfiltration exercises.
  • Leverage the MITRE ATT&CK framework to design threat scenarios and map findings.
  • Exploit misconfigurations and vulnerabilities in Active Directory, cloud environments, and enterprise infrastructure.
  • Use and integrate CART/BAS tools like Cymulate, Picus, or similar platforms to automate and validate security posture.
  • Work with Blue Teams to measure detection, prevention, and response capabilities post-engagement.
  • Develop comprehensive reports with actionable remediation recommendations.
  • Conduct threat emulation based on industry-specific APT groups relevant to the BFSI sector.
  • Stay updated on emerging threats, attack techniques, and countermeasures.
  • Support internal and client-facing security awareness, purple teaming, and tabletop exercises.

Required Skills & Experience:

  • Minimum 5 years of hands-on experience in offensive security / red teaming roles.
  • Proficient in TTPs for Red Team operations, including phishing, C2 infrastructure, evasion techniques, privilege escalation, and data exfiltration.
  • In-depth understanding of Windows internals and Active Directory attacks (Kerberoasting, Pass-the-Hash/Ticket, ACL abuse, DCShadow, etc.).
  • Solid understanding of network protocols, cloud platforms, and endpoint security bypass techniques.
  • Familiarity with attack simulation tools, custom scripting, and open-source frameworks (Cobalt Strike, Metasploit, Empire, Covenant, etc.).
  • Experience in physical security assessments, badge cloning, RFID/NFC exploitation, and social engineering (preferred).
  • Strong knowledge of MITRE ATT&CK, NIST, and equivalent frameworks.
  • Ability to document findings, map them to risk frameworks, and present to both technical and executive stakeholders.

Preferred Qualifications:

  • OSCP, CRTP, or similar offensive security certifications.
  • Prior experience in BFSI sector engagements.
  • Understanding of compliance and regulatory requirements in financial institutions (e.g., RBI, SEBI, ISO 27001).

Additional Expectations:

  • Excellent analytical and problem-solving skills.
  • Strong communication skills for stakeholder management and post-engagement debriefs.
  • Ability to work in high-pressure environments and coordinate with cross-functional teams.