Job Title:  T&T I Cyber-D&R I Assistant Manager I Red Teaming Attack Surface Management | Mumbai

Job requisition ID ::  108573
Date:  Jul 13, 2026
Location:  Mumbai
Designation:  Assistant Manager
Entity:  Deloitte Touche Tohmatsu India LLP

T&T I Cyber-D&R I Assistant Manager I Red Teaming Attack Surface Management | Mumbai
Job requisition ID : 108573 
Location: Mumbai
Entity: Deloitte Touche Tohmatsu India LLP 

 

 

The team 

 

Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilient—not only by looking at    how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks.  Learn more about Cybersecurity  

 

Your work profile 

 

We are seeking an experienced Red Team Specialist with a strong background in offensive security and hands-on experience in conducting Red Team engagements across various vectors. The ideal candidate will be responsible for simulating sophisticated cyber-attacks to test and enhance our clients' detection and response capabilities, especially within the BFSI sector.
 
  • Minimum 5 years of hands-on experience in offensive security / red teaming roles.
  • Proficient in TTPs for Red Team operations, including phishing, C2 infrastructure, evasion techniques, privilege escalation, and data exfiltration.
  • In-depth understanding of Windows internals, Active Directory attacks (Kerberoasting, Pass-the-Hash/Ticket, ACL abuse, DCShadow, etc.).
  • Solid understanding of network protocols, cloud platforms, and endpoint security bypass techniques.
  • Familiarity with attack simulation tools, custom scripting, and open-source frameworks (Cobalt Strike, Metasploit, Empire, Covenant, etc.).
  • Experience in physical security assessments, badge cloning, RFID/NFC exploitation, and social engineering (preferred).
  • Strong knowledge of MITRE ATT&CK, NIST , and equivalent frameworks.
  • Ability to document findings, map them to risk frameworks, and present to both technical and executive stakeholders.
  • Educational Qualifications: B.tech, BCA, B.E or any other equivalent qualification.

 

 

Key Skills required:

 

 

  • Plan and execute Red Team engagements simulating realistic threat actor scenarios (external, internal, and physical).
  • Conduct assumed breach assessments, initial access simulations, lateral movement, and exfiltration exercises.
  • Leverage MITRE ATT&CK framework to design threat scenarios and map findings.
  • Exploit misconfigurations and vulnerabilities in Active Directory, cloud environments, and enterprise infrastructure.
  • Use and integrate CART/BAS tools like Cymulate, Pycus, or similar platforms to automate and validate security posture.
  • Work with Blue Teams to measure detection, prevention, and response capabilities post-engagement.
  • Develop comprehensive reports with actionable remediation recommendations.
  • Conduct threat emulation based on industry-specific APT groups relevant to the BFSI sector.
  • Stay updated on emerging threats, attack techniques, and countermeasures.
  • Support internal and client-facing security awareness, purple teaming, and tabletop exercises.
  • OSCP, CRTP, or similar offensive security certifications.
  • Prior experience in BFSI sector engagements.
  • Understanding of compliance and regulatory requirements in financial institutions (e.g., RBI, SEBI, ISO 27001).
  • Excellent analytical and problem-solving skills.
  • Strong communication skills for stakeholder management and post-engagement debriefs.
  • Ability to work in high-pressure environments and coordinate with cross-functional teams.