Adversarial Simulation

1 week ago


Shaikpet Hyderabad Telangana, India Alignity Solutions Full time

Do you love a career where you Experience, Grow & Contribute at the same time, while earning at least 10% above the market? If so, we are excited to have bumped into you.

Learn how we are redefining the meaning of work, and be a part of the team raved about by Clients, Job-seekers and Employees.

If you are an Adversarial Simulation - Offensive Security (Red Team) professional looking for excitement, challenge and stability in your work, then you will be glad to have come across this page.

Role: Adversarial Simulation - Offensive Security (Red Team)
- Location: Hyderabad, Mumbai, Delhi/NCR, Bengaluru, Kolkata, Pune, and Chennai
- Experience: 5-8 Years

As a Lead/Senior Solution Advisor in the advisory and implementation business, your role involves adhering to defined methodologies for red team assessments. Your responsibilities include:

- Implementing established methodologies for red team assessments.
- Identifying opportunities for process efficiencies and exploring innovative approaches to complete the scope of work.
- Conducting relevant research, performing data analysis, and generating reports.
- Ensuring the completion and accuracy of work products.
- Proactively enhancing consulting skills and professional development through training courses, mentoring, and daily interactions with clients.
- Collaborating with a highly skilled and trained team on Red Team engagements for our clients.
- Staying updated on the latest exploits and potential attack strategies.

**Requirements**:

- A minimum of 7-10 years of experience in penetration testing, with at least 6 years focused on Red Team Operations.
- A deep interest in network protocols, code development, and infrastructure knowledge.
- Strong investigative and analytical problem-solving skills.
- Hands-on experience with Phishing Campaign Assessments (PCA), spam filter evasions, campaign design and creation, obfuscated campaign attachments, multi-factor evasions for phishing, and the use of phishing tools such as GoPhish and Evilginx3 (Red Team).
- Hands-on experience with Breach & Attack Simulation (BAS) tools like SafeBreach, Scythe, and Caldera (Red Team).
- The ability to leverage threat intelligence feeds and platforms for simulating advanced persistent threat (APT) scenarios during Adversarial Simulation Exercises.
- Understanding of Operational Security (OpSec) considerations during Red Team operations to avoid detection and compromise.
- Experience in collaborative work with defensive teams, such as Security Operations Center (SOC) and incident response teams, to improve detection and response capabilities.
- Knowledge of industry-specific security regulations and standards (e.g., PCI DSS, HIPAA, GDPR) to ensure testing complies with legal and regulatory requirements.
- Deep expertise in setting up Red Team infrastructure, including Command & Control (C2) servers, phishing servers, redirectors (long-haul & short-haul), payload delivery servers, and domain-fronting servers (Red Team).
- Familiarity with Infrastructure-as-Code (IAC) tools like Terraform or Ansible, enabling rapid deployment and teardown of Red Team infrastructure.
- Knowledge of advanced web-based attacks such as Server-Side Request Forgery (SSRF), Template Injection, and XML External Entity (XXE) attacks.
- A deep understanding of modern persistence mechanisms like WMI event subscriptions, scheduled tasks, and service principal names.
- Knowledge of malware development in various languages (C/C++, C#, NimLang, GoLang, Rust, etc.), obfuscation and evasion, and experience in reverse engineering using tools like IDA, Ghidra, and GDB (Red Team).
- The ability to create or modify buffer overflow, heap spraying, and Return Oriented Programming (ROP) exploits.
- Expertise in evading Endpoint Detection and Response (EDR) systems, Next-Generation Firewalls, and Intrusion Prevention Systems (Red Team).
- Hands-on experience with C2 frameworks such as Cobalt Strike, Havoc, Mythic, Sliver, etc. (Red Team).
- Mastery in lateral movement techniques using tools like BloodHound and Kerberoasting, as well as advanced credential dumping methods (Red Team).
- Expertise in advanced Active Directory (AD) exploitation techniques like DCSync, DCShadow, or Golden Ticket attacks (Red Team).
- Mastery in data exfiltration techniques, including DNS tunneling, ICMP exfiltration, and steganography (Red Team).
- Experience in developing, modifying, or expanding custom exploits.
- The ability to create custom tools when off-the-shelf tools don't meet requirements.
- Experience in collecting, analyzing, and interpreting qualitative and quantitative data from defined security service-related sources (tools, monitoring techniques, etc.).
- Familiarity with Secure Development Lifecycle (SDL) practices and their relationship to Red Teaming, ensuring the development team understands and rectifies vulnerabilities correctly.
- Understanding of at least one cloud environment, such as