Back to search
New York Technology Partners Linkedin · Posted 6d ago

Red Team Penetration Tester

Chicago, Illinois, United States

Linkedin
Continue to application Add your email once, then Caio opens the original posting.

Indexed description

What You'll Do:

The Adversarial Red Team Associate Principal is responsible for strengthening security posture by conducting covert black-box and occasional white-box assessments across network, web application, cloud, mobile, physical, and social engineering domains, while coordinating with Security and IT teams to address and retest remediated findings. Ideal candidates will bring deep expertise in areas such as OSINT, penetration testing, C2 infrastructure development, evasion techniques, and custom scripting, along with strong communication skills and a commitment to staying ahead of emerging threats. All team members are held to the highest standards of ethics, integrity, and accountability, and are expected to foster a collaborative, bar-raising dynamic with defensive security teams.


Primary Duties and Responsibilities:

To perform this job successfully, an individual must be able to perform each primary duty satisfactorily.

Execute comprehensive Red Team simulations including network/application penetration testing, cloud security, social engineering, physical security, mobile testing, and OSINT within defined rules of engagement.

Develop and deploy Command and Control (C2) infrastructure using evasion and obfuscation techniques to test and enhance Cyber Defense detection capabilities.

Leverage AI/LLM tooling to accelerate offensive research, exploit development, and overall Red Team effectiveness.

Conduct ad-hoc white-box testing on pre-production and in-development infrastructure, and validate remediated findings with IT owners.

Perform threat modeling, security risk assessments, and independent reviews of OCC's security, network, and applications.

Develop clear, evidence-based reports with actionable remediation recommendations and debrief stakeholders on findings.

Ensure security controls and testing activities align with applicable regulations, industry best practices, and OCC policies and procedures.

Cross-train Red Team members and other Security/IT teams on adversarial threats, attack vectors, and remediation strategies.

Stay current on emerging threats, threat intelligence, and attack techniques, advising IT leadership on mitigation approaches.

Support audits, contribute to security roadmap development, and mentor team members while fostering a collaborative team environment.

Perform other duties as assigned.


Qualifications:

The requirements listed are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the primary functions.

High energy, results driven person with an attention to detail.

Strong enthusiasm to stay up-to-date on Threat Intelligence and learn new adversarial TTPs to simulate on a regular basis

Exceptional analytical, problem solving and troubleshooting skills with the ability to exercise good judgment while developing creative solutions.

Exceptional tactical planning skills based on long-term strategic goals.

Exceptional verbal/written communication skills to be able to articulate ideas clearly and concisely.

Excellent listening skills.

Excellent focused domain areas of expertise as well as a good breadth of experience across Network/Application Penetration Testing, Web Application Penetration Testing, Mobile Application Penetration Testing, Command and Control (C2) Infrastructure Development, Cyber Defense Evasion techniques, Social Engineering, Open-Source Intelligence, Basic Emissions Testing, Physical Security Testing, and more.

Strong working knowledge of Artificial Intelligence (AI) large language models (LLMs) and agentic AI systems – including how autonomous and tool-usig agents, orchestration frameworks, and protocols like Model Context Protocol (MCP) operate – and the ability to evaluate how these technologies can accelerate offensive security tradecraft across reconnaissance, exploit and payload development, adversarial tooling development, and enhance triaging for security findings.

Proven due diligence and research ability via open-source avenues and technology.

Strong familiarity with enterprise technologies; strong technical background and understanding of security-related technologies; prefer operational experience as an administrator, engineer, or developer and direct experience testing in commercial cloud environments (AWS, Azure, IaaS/PaaS/SaaS).

Good applicable knowledge of policy and procedure development, systems analysis, Information Assurance (IA) policy, vulnerability management, and risk management

Good understanding of regulatory standards including CSF, NIST, PCI, SSAE 16, SAS 70, HIPPA, FIPS 199, COBIT 5 and others as needed.

Strong knowledge of cryptography (symmetric, asymmetric, hashing) and its various applications.

Strong knowledge of common enterprise infrastructure technology stacks and network configurations.

Exhibit ability to understand and probe/exploit a diverse range of Network and Internet Protocols.

Exhibit ability to understand and modify code in a diverse range of programming languages and frameworks; must have direct practical experience with one or more high level programming language.

Ability to facilitate meetings and conversations.

Ability to work with business users, understand their needs and translate those needs to the final project deliverables.

Nice to have experience working on critical infrastructure in a regulated environment.


Technical Skills:

Strong proficiency in Network, Web Application, Cloud, and Mobile Device security testing

Demonstrated exploit, payload, and attack framework development experience

Strong knowledge of EDR detection capabilities such as Crowdstrike/Carbon Black, etc. and associated defense evasion techniques for behavioral based alerting

Strong working knowledge of Artificial Intelligence (AI) large language models (LLMs) and agentic AI systems – including how autonomous and tool-usig agents, orchestration frameworks, and protocols like Model Context Protocol (MCP) operate – and the ability to evaluate how these technologies can accelerate offensive security tradecraft across reconnaissance, exploit and payload development, adversarial tooling development, and enhance triaging for security findings.

Strong proficiency in social engineering and intelligence gathering.

Strong experience with custom scripting (Python, Powershell, Bash, etc.) and process automation.

Strong experience with database security testing (MSSQL, DB2, MySQL, etc.).

Strong proficiency with common penetration testing tools (Kali, Armitage, Metasploit, Cobalt Strike, Nighthawk, Nmap, Qualys, Nessus, Burp Suite, Wireshark, Recon-NG, Ettercap/Bettercap, Hashcat, Bloodhound, Ida Pro, Ghidra, Sublist3r, Rubeus, Mimikatz, CrackMapExec, Exploitdb, Yersinia, Impacket, etc.).

Track record of vulnerability research and CVE assignments

Knowledge of Windows APIs and Living off the Land (LOL) Binaries

Experience with Mainframes, Windows, Unix, MacOS, Cisco, platforms and controls.

Proficient in creating content with Microsoft Office (Word, Excel, PowerPoint, Visio).

Proficient in basic document management in a Microsoft SharePoint environment.

Experience with dedicated document management tools (e.g., DMS, PolicyTech) is a plus.

Experience with using ServiceNow is a plus.


Education and/or Experience:

BS in Computer Science, Information Management, Information Security or other comparable technical degree from an accredited college/university is desired but not required

3+ Years’ experience of Penetration testing

5+ Years’ experience in Information Assurance or Cybersecurity work environments


Certificates or Licenses:

Security-related certifications (OSCP, OSWE, OSCE, GPEN, GXPN, GWAPT, ARTE, etc.) highly desired.

Free. 20 seconds. No password. See every match in this search.

Create a free Caio profile to unlock more results and save your role and location preferences.

Unlock free search
Want help applying to roles like this? Search Caio for free. If CV tailoring and application tracking get heavy, Full Caio Agent adds a human specialist.
View Full Agent