Red Team Operator III

Every day, NuHarbor Security improves the cybersecurity of our clients by making it stronger and easier to understand.  Our comprehensive suite of security services, from strategic advising to 24-hour monitoring and management, provide an organizational view of security that is focused on results and recommendations that are valuable for both business and technical leaders.  We’re growing quickly because our clients, and the general market, are looking for these outcomes and for the data it gives them to explain, promote, and justify, their security investment and mission.

The Red Team Operator III will execute advanced offensive security engagements simulating real-world cyber-attacks to identify risks and vulnerabilities across enterprise, cloud, and hybrid environments. This role focuses on planning and performing adversary emulation and red team operations using established tools, techniques, and procedures (TTPs). The operator will document findings with clear business impact and provide actionable recommendations to improve client security posture.

What you’ll do

• Live the NuHarbor Ways: Help Clients Win, Always Improve, Protect the House.
• Execute Offensive Engagements: Plan and perform complex red team and adversary emulation exercises aligned to real-world threat actor TTPs (e.g., MITRE ATT&CK), including initial access, privilege escalation, lateral movement, persistence, and data exfiltration.
• Develop Threat-Informed Attack Paths: Use threat intelligence to design realistic attack scenarios across enterprise, cloud, and hybrid environments.
• Apply Offensive Techniques: Utilize industry-standard tools and frameworks (e.g., Cobalt Strike, Mythic, CALDERA) to conduct engagements with strict adherence to OPSEC and Rules of Engagement.
• Document and Communicate Findings: Produce clear, comprehensive technical reports and executive summaries that outline vulnerabilities, business impact, and remediation guidance.
• Collaborate with Defensive Teams: Work with blue teams to validate detection coverage and provide feedback on improving detection and response capabilities.
• Continuous Learning: Stay current with emerging attack vectors, vulnerabilities, and red team methodologies to evolve tradecraft and engagement quality.

Your foundation.  The requirements for this role:

• Bachelor’s Degree and eight (8+) years of experience in offensive cybersecurity (red teaming, penetration testing, or threat emulation).
  • In lieu of a degree: four (4) years of experience in a related technology field and relevant industry certifications (OSCP, OSWE, GPEN, GXPN, CRTO, etc.).
• Adversary Emulation Tools: Hands-on experience with frameworks such as Cobalt Strike, Mythic, CALDERA, or equivalent.
• Operating Systems & Identity: Strong understanding of attack surfaces across Windows, Linux, macOS, Active Directory, and Azure AD.
• Cloud Environments: Experience performing offensive testing in AWS, Azure, or GCP environments.
• Scripting & Automation: Ability to script in Python, PowerShell, or Bash for automation and tradecraft development.
• Networking & Security Fundamentals: Solid knowledge of TCP/IP, network protocols, and common security concepts.
• Reporting: Ability to produce clear technical documentation and executive summaries.
• Citizenship: Must be a U.S. citizen.

Additional capabilities that will differentiate you for this role:

• Certifications: OSWE, OSCP, CISSP, GPEN, GXPN; plus GRTP, OSEP, OSCE, CRTO, CRTE or equivalent experience.
• Familiarity with C2 infrastructure design and operational security practices.
• Understanding of secure coding principles and modern infrastructure design.
• Knowledge of incident response processes and defensive detection engineering principles.
• Experience executing attack paths in AWS, Azure, GCP and hybrid environments; understanding cloud security controls and misconfigurations.
• Strong written and verbal communication skills.

Base Salary for this role is targeted at $124,000 - $152,000 annually. *Salary based on Burlington, VT salary data. Offer is based on candidate geography. Additionally, this role is eligible for the company bonus plan at a 10% target.

NuHarbor Security hires in the following states: AZ, CO, FL, GA, ID, IL, IN, IA, MA, MD, ME, MI, MN, MO, MT, NC, NE, NH, NJ, NY, OH, OR, PA, RI, SC, TX, UT, VT, VA, WA

What you can expect:

• The engagement and support of company leadership who recognize the challenge of marketing a complex cybersecurity service in a chaotic market.
• An organization that recognizes and rewards employee commitment and contribution to our customers’ satisfaction and success
• Growth in your career and capabilities as you help to chart a path to improving customer interactivity and service adoption.
• A collaborative and driven working environment in a rapidly growing company and market
• A fun and social working environment where you are encouraged to be your true self.

You can also expect competitive salary and benefits, including paid time to give back in your community and generous PTO.

We are purpose driven. We, as an organization, above anything else protect the house first and then help our customers win.  If this sounds like the kind of organization you’d like to be a part of, we‘d like to hear from you.

AAP/EEO Statement

The Equal Employment Opportunity Policy of NuHarbor Security is to provide a fair and equal employment opportunity for all associates and job applicants regardless of race, color, religion, national origin, gender, sexual orientation, age, marital status or disability. NuHarbor Security hires and promotes individuals solely based on their qualifications for the job to be filled.

NuHarbor Security believes that employees should be provided with a working environment which enables each associate to be productive and to work to the best of his or her ability. We do not condone or tolerate an atmosphere of intimidation or harassment based on race, color, religion, national origin, gender, sexual orientation, age, marital status, or disability.  We expect and require the cooperation of all employees in maintaining a discrimination and harassment-free atmosphere.