Back to Careers
Pune, India
Cybersecurity

Red Team Security Consultant/ VAPT Security Consultant (L2)

Position Summary:

We are seeking a skilled and passionate Red Team Security Consultant to join our cybersecurity team. The ideal candidate will specialize in simulating adversarial tactics, techniques, and procedures (TTPs) to identify vulnerabilities and improve the organization's security posture. This role involves performing advanced penetration tests, simulating real-world attacks, and working with teams to implement effective remediation strategies.

Key Roles & Responsibilities:

Plan, execute, and document Red Team exercises mimicking advanced threat actors for medium to large enterprises.
Conduct network penetration testing (VAPT), system vulnerability assessments, and security configuration reviews.
Perform manual security assessments for web applications, APIs, and client-server applications.
Simulate sophisticated attack chains including lateral movement, privilege escalation, and data exfiltration.
Develop and execute custom attack payloads using tools and scripts.
Assess physical security controls and implement social engineering assessments when required.
Create and maintain custom tools/scripts in languages like Python, Bash, or PowerShell.
Utilize and adapt adversary emulation frameworks such as MITRE ATT&CK, Cobalt Strike, and Metasploit.
Collaborate with Blue Teams to improve detection and response mechanisms through Purple Team engagements.


Preferred Qualification:

Preferred Certifications (Not Mandatory): OSCP, OSCE, CRTP, eWPTX, Security+, CREST, CRTO.
Desired Skill Set: Red Teaming, VAPT, Application Security (Web/Mobile/API).
2-5 years of relevant domain experience in VAPT, Red Teaming, and Application Security domains.
Proficient in Application Security concepts, including OWASP Top 10 and OSSTMM.
Experience with vulnerability scanning tools such as BurpSuite Pro, Nessus, OWASP ZAP, Kali Linux, Cobalt Strike, Caldera etc.
Basic ability to write automation scripts (Bash or Python).
Understanding of threat modeling and secure coding practices.
Strong understanding of TTPs, threat modeling, and secure coding practices.
Hands-on experience in Active Directory exploitation, phishing campaigns, and endpoint bypass techniques.


Basic Qualifications:

Education: BE/MCA or University degree/Equivalent
Experience: Required: 2 - 5 years.
Excellent communication and collaboration skills.