Penetration Tester

Adani Group is seeking a highly experienced Red Teaming Cybersecurity Expert to lead, design, and execute red teaming exercises aimed at testing and enhancing the security posture of Adani Group’s diverse entities. The Red Teaming lead will identify vulnerabilities, simulate advanced cyberattacks and adversaries using sophisticated tools & technologies to determine system loopholes, and work closely with internal teams to improve defense mechanisms.

Experience:

• 10+ years of experience in cybersecurity, with a minimum of 7 years in red teaming, offensive security, ethical hacking, or penetration testing.
• Proven track record of executing large-scale red teaming exercises in complex environments, including experience with critical infrastructure (Ports, Airports, Energy, etc.).
• Extensive experience in simulating advanced cyberattacks, particularly in industrial environments, OT, and ICS.

Education:

• Bachelor’s or master’s degree in computer science, Cybersecurity, Information Security, or a related technical field.
• Relevant professional certifications in cybersecurity like

Certifications:

• OSCP, OSCE, CREST certifications or equivalent in red teaming and penetration testing.
• Other cybersecurity certifications such as CISSP, CEH, GIAC, GCIH, GPEN are advantageous.

Technical Skills:

• Expert knowledge of offensive security tools (e.g., Metasploit, Cobalt Strike, Burp Suite, Empire, etc.) and threat simulation frameworks.
• Strong understanding of TTPs used by cybercriminals and APT groups (MITRE ATTACK framework knowledge preferred).
• Deep expertise in network protocols, firewalls, intrusion detection systems, and secure configurations.
• Proficient in various operating systems (Windows, Linux, macOS) and cloud environments (AWS, Azure, GCP).
• Knowledge of Operational Technology (OT) and Industrial Control Systems (ICS) security challenges and attack methodologies.
• Experience with exploit development and custom tool creation for red teaming operations.

Key Responsibilities:

1. Strategic Red Teaming and Penetration Testing

• Lead and execute sophisticated red teaming engagements to simulate real-world attack scenarios.
• Develop and implement long-term offensive security strategies to proactively identify and address vulnerabilities across diverse environments.
• Conduct comprehensive penetration testing on internal networks, cloud environments, and applications.
• Execute social engineering attacks, phishing campaigns, and physical intrusions as part of full-spectrum red team operations.

2. Adversarial Threat Simulation & Attack Path Mapping

• Develop and refine threat emulation plans, leveraging TTPs (tactics, techniques, and procedures) used by nation-state actors and other adversaries.
• Model various attack paths from an adversary’s perspective to test the resilience of existing security measures.
• Simulate attacks against IT, OT (Operational Technology), and ICS (Industrial Control Systems) environments, ensuring critical infrastructure protection.

3. Collaborative Defense & Response Enhancement

• Collaborate with Blue Teams, incident response teams, and the Security Operations Center (SOC) to enhance detection, response times, and mitigation strategies.
• Provide detailed feedback on the effectiveness of security controls, detection mechanisms, and incident response processes.
• Develop and conduct collaborative red-blue team exercises (purple teaming) to continuously improve organizational defense mechanisms.

4. Vulnerability Research & Exploit Development

• Conduct research on emerging cybersecurity threats and stay current with evolving vulnerabilities, zero-day exploits, and new attack techniques.
• Develop or customize proof-of-concept exploits to demonstrate the impact of vulnerabilities in real-world scenarios.
• Perform threat intelligence analysis to determine the most relevant and high-risk attack vectors for Adani’s business environment.
• Present red team findings in a clear and concise manner to leadership teams and board members, offering strategic insights for enhancing the overall cybersecurity posture.

5. Training, Mentoring, and Knowledge Sharing

• Provide mentorship and training to junior red team members and internal security teams, fostering a culture of proactive security and continuous improvement.
• Conduct workshops and tabletop exercises with business units to raise awareness about red teaming methodologies and the importance of cybersecurity.

7. Tool Development & Automation

• Develop, customize, or extend red teaming tools, scripts, and automation frameworks to simulate various attack vectors.
• Continuously assess and introduce new red teaming tools to improve the efficacy and realism of adversary simulations.

Key Competencies:

• Ethical Hacker Mindset: Ability to think like an adversary and develop innovative ways to bypass security controls.
• Collaborative Spirit: Strong emphasis on working closely with blue teams and cross-functional teams.
• Continuous Learning: Commitment to staying ahead of cybersecurity threats by engaging in ongoing research and professional development.