Red Team Operator
Indexed description
Job Description:
Position Summary:
The primary objectives for the Information Security team are to protect confidential and sensitive information and to maintain operational stability resulting from cyber-attacks. Red Team members contribute to these objectives by performing assessments that proactively identifies security exposures within the Sun Life environment that go beyond the realm of traditional penetration testing. A successful Red Team Operator, specializing in Offensive Security, must possess a diverse and varied set of competencies to effectively simulate cyber-attacks in order to identify vulnerabilities within an organization's systems. Firstly, a deep understanding of various attack vectors and techniques is essential, including knowledge of malware, social engineering, and exploit development. Additionally, proficiency in network and application penetration testing is crucial for identifying weaknesses in infrastructure and software. Strong analytical skills are necessary to assess risks and prioritize targets accurately. The ability to work in close collaboration with other Red Team members is vital, as well as maintaining an openness to support and help others. Effective communication skills, including the ability to flexibly adjust communication styles, are essential for conveying findings and recommendations to diverse stakeholders. Finally, adaptability, creativity, and an interest in continuous learning are indispensable traits for devising innovative attack strategies and staying ahead of evolving threats in the cybersecurity landscape.
What You Will Do
The essential functions and responsibilities of this position include but are not limited to the following:
- Plan, carry out, report, and present on Red Team assessments, attack simulations and adversary emulations to identify vulnerabilities in critical information systems.
- Collaborate closely and support other Red Team members while conducting and reporting on Red Team missions and other activities.
- Perform network penetration, web and mobile application testing, source code reviews, threat analysis, and social-engineering assessments.
- Develop scripts, tools, and programs for Red Team operations.
- Manage, maintain, and improve a state-of-the-art command-and-control (C2) red team cloud environment (AWS, Azure, DigitalOcean).
- Assist with and develop security control evasion and bypass capabilities.
- Work with other parts of the business to develop a method for testing detective capability through Red Team exercises (e.g., purple teaming, assumed breaches etc.).
- Research latest threats and follow guidelines on Red Team Frameworks (MITRE).
- Assist in the production of weekly/monthly reports on security vulnerability trending and direction.
- Communicate Red Team findings to diverse sets of teams, providing clarity and guidance on remediating discovered security gaps.
- 3-5 year experience in an offensive security / penetration testing role.
- University degree in computer science, computer engineering or computer security.
- Strong, demonstrable experience in offensive security programming and automation languages: C, C++, ASM, C#, JavaScript, PowerShell etc.
- A general understanding of information security concepts and security trends and practices.
- Problem solving with creative solutions.
- Maintain high technical knowledge of systems and solutions.
- Industry certifications (OSCP/SANS/CEH/CISSP, CPTS) are a strong asset.
- Understand operation systems (OS), network protocols, application configuration with excellent report-writing skills.
- Strong and adaptable communication and presentation skills.
- Experience in leading grey/black hat engagements from start to finish.
- Network, Application or Mobile Penetration testing experience.
- Experience with CTF (Capture the flags) and/or security training platforms such as Hack the Box, TryHackMe, VulnHub.
- Offensive Security tooling experience: Cobalt Strike, EDR Evasion, Social Engineering platforms, Malware techniques, Custom tooling and pipeline development.
- Proficient in Active Directory exploitation (On-Prem and Cloud).
- Related projects in cybersecurity, programming, etc.
- OSINT (Open-source intelligence gathering).
- Social engineering techniques and tactics.
- Defense in depth security concepts including MITRE framework.
- IaaS and SDN Cloud Environments (AWS, Azure, Digital Ocean).
- Interpreted languages (Ruby, Python, PHP, etc.).
- Compiled languages (Java, C, C++, Assembly, etc.).
- Windows/Linux/UNIX/OSX internals.
At our company, we are committed to pay transparency and equity. Your actual base salary will be determined based on your unique skills, qualifications, experience, and education. In addition to your base salary, this position is eligible for a discretionary annual incentive award based on your individual performance as well as the overall performance of the business. We are dedicated to creating a work environment where everyone is rewarded for their contributions.
Job Category:
IT - Technology Services
Posting End Date:
17/07/2026
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search