Cybersecurity Analyst
Indexed description
Role Description
The Red Team Security Specialist simulates real-world cyberattacks to evaluate and improve an organization’s security posture. This role focuses on identifying vulnerabilities in systems, networks, applications, and human processes by ethically exploiting them helping organizations strengthen defenses proactively.
Key Responsibilities:
- Conduct penetration testing on networks, applications, APIs, cloud environments, and endpoints to uncover exploitable vulnerabilities and validate security controls. Each engagement should include scoping, threat modelling, exploitation where permitted, and clear evidence of impact.
- Perform social engineering exercises (phishing, vishing, pretexting, physical social engineering where allowed) to evaluate human and process risk while following legal and organizational approval processes. All social engineering must be carefully scoped, authorized, and documented.
- Apply strong knowledge of network architecture, protocols, segmentation, firewalls, VPNs, routing, and switching to assess network security posture and identify potential attack paths.
- Use scripting and programming skills to automate testing, build custom tools, support exploit validation, and improve pentesting efficiency.
- Simulate advanced threat scenarios and full-scale red team engagements to evaluate detection, response, and resilience.
- Identify security weaknesses using a mix of manual testing and automated tools, validating findings to reduce false positives and demonstrate real attack ability. Prioritize risky findings by exploitability and business impact.
- Plan and conduct full-scale red team engagements across enterprise environments, coordinating with stakeholders, managing timelines, and adapting to live defensive responses. Maintain operational discipline and proper approvals throughout engagements.
- Chain vulnerabilities to demonstrate realistic attack paths and business impact.
- Document findings with detailed technical notes, reproducible steps, screenshots/log excerpts, and a business-impact analysis that quantifies risk to systems, data, or operations. Ensure reports are clear for both technical remediation teams and executive stakeholders.
- Provide prioritized remediation recommendations and pragmatic mitigation strategies, including short-term compensating controls and longer-term fixes. Work with engineering teams to clarify fixes and re-test where necessary.
- Present results and remediation plans to technical teams, incident response, and senior leadership, tailoring the depth and emphasis to each audience and supporting follow-up action and verification.
- Bachelor's degree or equivalent work experience or certifications.
- Hands-on experience in red teaming, penetration testing, or offensive security.
- Strong understanding of web, network, API, cloud, and endpoint security testing.
- Good programming and scripting skills for pentesting, ideally in Python, PowerShell, Bash, or JavaScript.
- Strong offensive security fundamentals, including network protocols, common application vulnerabilities, privilege escalation, lateral movement, and persistence, with the ability to understand attack chains at a high level.
- Familiarity with exploit validation, vulnerability chaining, and adversary simulation.
- Strong reporting, communication, and stakeholder management skills.
- High ethical standards and ability to work within approved rules of engagement.
- Experience performing social engineering assessments with proper legal, ethical, and organizational controls; knowledge of safe phishing frameworks and enterprise campaign tooling.
Eastman is committed to creating a highly engaged workforce, where everyone can contribute to their fullest potential each day.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search