Associate Principal Red Team Consultant

What You'll Do:

- Lead and participate in full-lifecycle red team engagements: scoping, planning, execution, and reporting
- Simulate advanced persistent threat (APT) tactics against enterprise network and cloud environments
- Execute multi-stage attack chains spanning network compromise, Active Directory abuse, cloud environments, and data exfiltration
- Design and conduct social engineering campaigns including phishing, vishing, and smishing operations
- Conduct adversary simulation against hybrid and cloud-native environments (AWS, Azure, GCP)
- Develop custom tooling, payloads, and tradecraft to evade modern defensive controls (EDR, SIEM, CASB)
- Produce high-quality, actionable reports tailored to both technical and executive audiences
- Collaborate with blue team and MDR teams to deliver purple team assessments
- Mentor junior consultants and contribute to internal capability development
- Stay current with emerging threat actor TTPs, tooling, and industry research

What You Have:

US Citizenship is Required

Core Offensive Security
- 4+ years in offensive security, penetration testing, or red team roles
- Proven experience leading or independently executing full red team engagements (not just component pentests)
- Strong command of red teaming methodologies and attack patterns
- Proficiency with common red team toolkits: Cobalt Strike, Metasploit, Sliver, Havoc, or equivalent C2 frameworks
- Ability to develop and modify offensive tooling (Python, PowerShell, C/C#, or Go)

Network & Infrastructure
- Deep knowledge of Active Directory attack paths: Kerberoasting, AS-REP roasting, ACL abuse, DCSync, delegation attacks
- Experience with internal network lateral movement, credential access, and persistence mechanisms
- Familiarity with common enterprise security controls and bypass techniques (AV/EDR evasion, AMSI bypass, LOLBins)
- Understanding of network protocols: SMB, LDAP, Kerberos, DNS, RDP, WinRM

Cloud Environments
- Hands-on experience attacking cloud infrastructure in at least one major provider (AWS, Azure, or GCP)
- Familiarity with cloud-specific attack paths
- Experience with cloud red team tooling

Social Engineering
- Experience designing and executing phishing simulation campaigns (credential harvesting, malware delivery)
- Familiarity with pretexting, vishing, and physical access scenarios
- Understanding of awareness evasion techniques (email gateway bypass, domain aging, spoofing controls)

Preferred Qualifications

- Relevant certifications: OSCP, CRTO, CRTE, PNPT, CRTL, or equivalent
- Cloud security certifications (AWS Security Specialty, AZ-900+, or similar) a plus
- Prior consulting or professional services experience in a client-facing capacity
- Experience with TIBER-EU, CBEST, or other regulated red team frameworks
- Published research, CVEs, or conference presentations (DEF CON, Black Hat, etc.)
- Familiarity with threat intelligence and threat actor emulation planning

Soft Skills & Professional Requirements

- Strong written and verbal communication — ability to write clear, concise, and technically accurate reports
- Comfortable presenting findings to C-suite and board-level stakeholders
- Self-directed; able to manage engagement workload with minimal supervision
- Collaborative team player with a mentorship mindset
- Ability to work within legal and ethical boundaries and maintain client confidentiality at all times
- Willingness to travel for on-site engagements as needed (up to ~25%)