Job description
<p><p><b>Role Overview:</b><br/><br/> We are looking for a hands-on Security Consultant with strong red-team / penetration-testing expertise to perform advanced assessments across enterprise environments.<br/><br/> You will be responsible for identifying vulnerabilities, attempting controlled exploits, evaluating resilience, and helping our clients remediate weaknesses.<br/><br/> Your work will span Active Directory (on-prem, Azure AD), internal/external networks, wireless, file sharing systems, web applications, and more.<br/><br/> <b>Key Responsibilities:</b><br/><br/> - Design and execute advanced penetration tests, vulnerability assessments, and simulated attack scenarios to uncover security weaknesses in systems, networks, applications, and infrastructure.<br/><br/> - Conduct comprehensive assessments of Active Directory environments (on-prem, Azure), including lateral movement, privilege escalation, persistence, and other AD exploitation techniques.<br/><br/> - Perform internal and external network penetration testing, wireless network security assessments, and evaluations of file sharing systems.<br/><br/> - Simulate threat actor tactics, techniques, and procedures (TTPs) to test the organization's resilience and to push its detection, prevention, and response capabilities.<br/><br/> - Plan and execute social engineering attacks (e.g., phishing, pretexting, baiting, tailgating) to test human and insider threat vectors.<br/><br/> - Perform web application security testing: OWASP Top 10, logic flaws, custom code reviews, exploitation, etc.<br/><br/> - Suggest optimum security improvements to application components, architectures, and configurations.<br/><br/> - Collect evidence, develop proof-of-concept exploits, and maintain detailed write-ups of findings.<br/><br/> - Deliver clear, actionable reports (technical + non-technical) with findings, risk evaluations, and remediation recommendations.<br/><br/> - Work closely with client teams (developers, QA, 
infrastructure, operations) to explain vulnerabilities and support remediation.<br/><br/> - Keep up to date with emerging threats, tools, exploits, and attack vectors; develop or customize tools, scripts, and techniques to enhance the red team/assessment capabilities.<br/><br/> - Occasionally mentor or provide guidance to more junior team members.<br/><br/> <b>Required Qualifications & Experience:</b><br/><br/> - Minimum 3 years' experience in penetration testing, red teaming, or similar offensive security roles, with strong focus on Active Directory environments.<br/><br/> - Deep hands-on expertise in AD exploitation: lateral movement, privilege escalation, persistence, etc.<br/><br/> - Solid fundamentals of network and application protocols: TCP/IP, DNS, DHCP, SMB, LDAP, etc.<br/><br/> - Strong web application security knowledge: OWASP Top 10, logic flaws, secure coding concerns.<br/><br/> - Experience in wireless network attacks and assessments.<br/><br/> - Proficient with at least one programming or scripting language (e.g., Python, PowerShell, etc.).<br/><br/> - Familiarity with red-teaming and penetration-testing tools: Burp Suite, Evilginx, C2, BloodHound, etc.<br/><br/> - Excellent report writing, presentation, and communication skills: ability to communicate both with technical teams and non-technical stakeholders.<br/><br/> - Strong problem solving, analysis, troubleshooting skills; ability to work independently and under deadlines.<br/><br/> - Good planning and execution capabilities: organizing assessments, coordinating with teams, scoping.<br/><br/> <b>Desirable / Nice to Have:</b><br/><br/> - Certifications: CRTP, CARTP, CRTE, CRTO, CARTE or equivalent.<br/><br/> - Experience working in the financial services domain, or other highly regulated industries.<br/><br/> - History of publishing, presenting or otherwise contributing to the security community (blogs, talks, advisories).<br/><br/> <b>What Your Day Might Look Like:</b><br/><br/> - Beginning with a scoping meeting with the client & internal teams to define targets and scope of the assessment.<br/><br/> - Running network scans, enumeration, exploitation (internal and external).<br/><br/> - Breaking into AD, exploiting trust relationships, escalating privileges.<br/><br/> - Testing web applications: fuzzing, manual code review, logic flaws, session management, etc.<br/><br/> - Using C2 to evade existing security mechanisms (EDR, XDR, etc.).<br/><br/> - Conducting mock phishing or other social engineering attacks.<br/><br/> - Writing proof of concepts and collecting evidence of vulnerabilities.<br/><br/> - Documenting all findings and preparing a detailed report with remediation steps.<br/><br/> - Presenting results to client technical teams and leadership.<br/><br/> - Continuous self-learning: staying updated with latest vulnerabilities, tools, threat actor TTPs, etc.<br/><br/> <b>Soft Skills & Attributes:</b><br/><br/> - Ability to articulate technical findings in business-friendly language.<br/><br/> - Strong ownership, self-motivation, and ability to work both independently and collaboratively.<br/><br/> - Adaptability: able to shift focus depending on client environment or threat model.<br/><br/> - Good stakeholder management and ability to deliver under tight deadlines.<br/><br/></p><br/></p> (ref:hirist.tech)
Required Skill Profession
Computer Occupations