Payatu - Security Consultant - Red Team & Networking Solutions

Role Overview :

We are looking for a hands-on Security Consultant with strong red-team / penetration-testing expertise to perform advanced assessments across enterprise environments.

You will be responsible for identifying vulnerabilities, attempting controlled exploits, evaluating resilience, and helping our clients remediate weaknesses.

Your work will span Active Directory (on-prem, Azure AD), internal/external networks, wireless, file sharing systems, web applications, and more.

Key Responsibilities :

- Design and execute advanced penetration tests, vulnerability assessments, and simulated attack scenarios to uncover security weaknesses in systems, networks, applications, and infrastructure.

- Conduct comprehensive assessments of Active Directory environments (on-prem, Azure), including lateral movement, privilege escalation, persistence, and other AD exploitation techniques.

- Perform internal and external network penetration testing, wireless network security assessments, and evaluations of file sharing systems.

- Simulate threat actor tactics, techniques, and procedures (TTPs) to test the organizations resilience and to push its detection, prevention, and response capabilities.

- Plan and execute social engineering attacks (e., phishing, pretexting, baiting, tailgating) to test human and insider threat vectors.

- Perform web application security testing : OWASP Top 10, logic flaws, custom code reviews, exploitation, etc.

- Suggest optimum security improvements to application components, architectures, and configurations.

- Collect evidence, develop proof of concept exploits, and maintain detailed write ups of findings.

- Deliver clear, actionable reports (technical non technical) with findings, risk evaluations, and remediation recommendations.

- Work closely with client teams (developers, QA, infrastructure, operations) to explain vulnerabilities and support remediation.

- Keep up to date with emerging threats, tools, exploits, and attack vectors; develop or customize tools, scripts, and techniques to enhance the red team/assessment capabilities.

- Occasionally mentor or provide guidance to more junior team members.

Required Qualifications & Experience :

- Minimum 3 years experience in penetration testing, red teaming, or similar offensive security roles, with strong focus on Active Directory environments.

- Deep hands-on expertise in AD exploitation : lateral movement, privilege escalation, persistence, etc.

- Solid fundamentals of network and application protocols : TCP/IP, DNS, DHCP, SMB, LDAP, etc.

- Strong web application security knowledge : OWASP Top 10, logic flaws, secure coding concerns.

- Experience in wireless network attacks and assessments.

- Proficient with at least one programming or scripting language (e. Python, PowerShell, etc.)

- Familiarity with red-teaming and penetration-testing tools : Burp Suite, evilginx, C2, bloodhound, etc.

- Excellent report writing, presentation, and communication skillsability to communicate both with technical teams and non technical stakeholders.

- Strong problem solving, analysis, troubleshooting skills; ability to work independently and under deadlines.

- Good planning and execution capabilities : organizing assessments, coordinating with teams, scoping.

Desirable / Nice to Have :

- Certifications : CRTP,CARTP, CRTE, CRTO, CARTE or equivalent.

- Experience working in the financial services domain, or other highly regulated industries.

- History of publishing, presenting or otherwise contributing to the security community (blogs, talks, advisories).

What Your Day Might Look Like :

- Beginning with a scoping meeting with the client & internal teams to define targets and scope of the assessment.

- Running network scans, enumeration, exploitation (internal and external).

- Breaking into AD, exploiting trust relationships, escalating privileges.

- Testing web applications : fuzzing, manual code review, logic flaws, session management, etc.

- Using C2 to evade existing security mechanism. (EDR, XDR etc).

- Conducting mock phishing or other social engineering attacks.

- Writing proof of concepts and collecting evidence of vulnerabilities.

- Documenting all findings and preparing a detailed report with remediation steps.

- Presenting results to client technical teams and leadership.

- Continuous self learning : staying updated with latest vulnerabilities, tools, threat actor TTPs, etc.

Soft Skills & Attributes :

- Ability to articulate technical findings in business friendly language.

- Strong ownership, self-motivation, and ability to work both independently and collaboratively.

- Adaptabilityable to shift focus depending on client environment or threat model.

- Good stakeholder management and ability to deliver under tight deadlines.