Penetration Tester
Indexed description
Job Title #1: Associate Principal, Adversarial Red Team
Location: Chicago, IL (Onsite – Hybrid - 3 days in a week)
Position Type: Fulltime permanent position
Responsibilities:
Primary Duties and Responsibilities:
- To perform this job successfully, an individual must be able to perform each primary duty satisfactorily.
- Execute comprehensive Red Team simulations including network/application penetration testing, cloud security, social engineering, physical security, mobile testing, and OSINT within defined rules of engagement.
- Develop and deploy Command and Control (C2) infrastructure using evasion and obfuscation techniques to test and enhance Cyber Defense detection capabilities.
- Leverage AI/LLM tooling to accelerate offensive research, exploit development, and overall Red Team effectiveness.
- Conduct ad-hoc white-box testing on pre-production and in-development infrastructure, and validate remediated findings with IT owners.
- Perform threat modeling, security risk assessments, and independent reviews of CLIENT’S's security, network, and applications.
- Develop clear, evidence-based reports with actionable remediation recommendations and debrief stakeholders on findings.
- Ensure security controls and testing activities align with applicable regulations, industry best practices, and CLIENT’S policies and procedures.
- Cross-train Red Team members and other Security/IT teams on adversarial threats, attack vectors, and remediation strategies.
- Stay current on emerging threats, threat intelligence, and attack techniques, advising IT leadership on mitigation approaches.
- Support audits, contribute to security roadmap development, and mentor team members while fostering a collaborative team environment.
- Perform other duties as assigned.
Technical Skills:
- Strong proficiency in Network, Web Application, Cloud, and Mobile Device security testing
- Demonstrated exploit, payload, and attack framework development experience
- Strong knowledge of EDR detection capabilities such as Crowdstrike/Carbon Black, etc. and associated defense evasion techniques for behavioral based alerting
- Strong working knowledge of Artificial Intelligence (AI) large language models (LLMs) and agentic AI systems – including how autonomous and tool-usig agents, orchestration frameworks, and protocols like Model Context Protocol (MCP) operate – and the ability to evaluate how these technologies can accelerate offensive security tradecraft across reconnaissance, exploit and payload development, adversarial tooling development, and enhance triaging for security findings.
- Strong proficiency in social engineering and intelligence gathering.
- Strong experience with custom scripting (Python, Powershell, Bash, etc.) and process automation.
- Strong experience with database security testing (MSSQL, DB2, MySQL, etc.).
- Strong proficiency with common penetration testing tools (Kali, Armitage, Metasploit, Cobalt Strike, Nighthawk, Nmap, Qualys, Nessus, Burp Suite, Wireshark, Recon-NG, Ettercap/Bettercap, Hashcat, Bloodhound, Ida Pro, Ghidra, Sublist3r, Rubeus, Mimikatz, CrackMapExec, Exploitdb, Yersinia, Impacket, etc.).
- Track record of vulnerability research and CVE assignments
- Knowledge of Windows APIs and Living off the Land (LOL) Binaries
- Experience with Mainframes, Windows, Unix, MacOS, Cisco, platforms and controls.
- Proficient in creating content with Microsoft Office (Word, Excel, PowerPoint, Visio).
- Proficient in basic document management in a Microsoft SharePoint environment.
- Experience with dedicated document management tools (e.g., DMS, PolicyTech) is a plus.
- Experience with using ServiceNow is a plus.
Education and/or Experience:
- BS in Computer Science, Information Management, Information Security or other comparable technical degree from an accredited college/university is desired but not required
- 3+ Years’ experience of Penetration testing
- 5+ Years’ experience in Information Assurance or Cybersecurity work environments
Certificates or Licenses:
- Security-related certifications (OSCP, OSWE, OSCE, GPEN, GXPN, GWAPT, ARTE, etc.) highly desired.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search