Cybersecurity Penetration Tester & Red Teaming Specialist; Subcontractor

What We Need

We are seeking a highly skilled and motivated Cybersecurity Penetration Tester & Red Teaming Specialist to join our security team. This role is responsible for identifying vulnerabilities, simulating advanced threat scenarios, and delivering actionable insights to strengthen our client’s security posture. The ideal candidate is experienced in both technical exploitation and adversarial simulation, with the ability to think like an attacker and communicate findings effectively.

• Conduct penetration testing of applications, networks, cloud, and infrastructure to identify and exploit security vulnerabilities.
• Lead and participate in red team engagements, simulating real-world attack scenarios (including social engineering, physical security, and advanced persistent threats).
• Develop threat models and emulate adversary tactics, techniques, and procedures (TTPs) based on frameworks such as MITRE ATT&CK.
• Perform post-engagement reporting and debriefing, delivering clear, actionable recommendations to both technical and non-technical stakeholders.
• Perform applications source code security review for di@erent technology stacks using manual and automated review methods.
• Collaborate with blue teams and incident response teams to test detection, response, and resilience.
• Continuously research and adopt the latest o@ensive security tools, exploits, and methodologies.
• Assist in developing security awareness programs, red team vs. blue team exercises, and purple teaming initiatives.

• Bachelor’s degree in computer science, Cybersecurity, Information Security, or equivalent experience.
• 4+ years of experience in the domain.
• Proven experience in penetration testing and red teaming activities across various environments (web, cloud, network, mobile, physical).
• Strong knowledge of common vulnerabilities (OWASP Top 10, CVEs, CWE) and exploitation techniques.
• Proficiency with penetration testing and exploitation tools such as Metasploit, Burp Suite, Cobalt Strike, Nmap, Blood Hound, Empire, etc.
• Familiarity with scripting and automation using Python, Power Shell, or Bash.
• Deep understanding of Windows, Linux, Active Directory, and cloud platforms (AWS, Azure, GCP).
• Relevant certifications preferred (e.g., OSCP, OSCE, OSEP, CRTO, CEH, GPEN, GXPN, Red Team Operator).
• Excellent communication skills and ability to document findings in a clear, concise manner.
• Strong problem-solving mindset, creativity, and adaptability in simulating evolving threats.

• Opportunity to work on challenging security projects and cutting-edge red team operations.
• A collaborative environment with exposure to both o@ensive and defensive security practices.
• Professional development, training, and certification support.
• Competitive compensation and benefits.