Red Teamer Manager

Adani Group
Ahmedabad
7-12 LPA
Posted 3 Jun 2025
FULL TIME
Cobalt Strike
exploit development and custom tool creation
MITRE ATT&CK framework knowledge
OT and ICS security
Red teaming and penetration testing

Job Description

Key Responsibilities:

1. Strategic Red Teaming and Penetration Testing

  • Execute sophisticated red teaming engagements to simulate real-world attack scenarios.
  • Develop and implement long-term offensive security strategies to proactively identify and address vulnerabilities across diverse environments.
  • Conduct comprehensive penetration testing on internal networks, cloud environments, and applications.
  • Execute social engineering attacks, phishing campaigns, and physical intrusions as part of full-spectrum red team operations.

2. Adversarial Threat Simulation & Attack Path Mapping

  • Develop and refine threat emulation plans, leveraging TTPs (tactics, techniques, and procedures) used by nation-state actors and other adversaries.
  • Model various attack paths from an adversary's perspective to test the resilience of existing security measures.
  • Simulate attacks against IT, OT (Operational Technology), and ICS (Industrial Control Systems) environments, ensuring critical infrastructure protection.

3. Collaborative Defense & Response Enhancement

  • Collaborate with Blue Teams, incident response teams, and the Security Operations Center (SOC) to enhance detection, response times, and mitigation strategies.
  • Provide detailed feedback on the effectiveness of security controls, detection mechanisms, and incident response processes.
  • Develop and conduct collaborative red-blue team exercises (purple teaming) to continuously improve organizational defense mechanisms.

4. Vulnerability Research & Exploit Development

  • Conduct research on emerging cybersecurity threats and stay current with evolving vulnerabilities, zero-day exploits, and new attack techniques.
  • Develop or customize proof-of-concept exploits to demonstrate the impact of vulnerabilities in real-world scenarios.
  • Perform threat intelligence analysis to determine the most relevant and high-risk attack vectors for Adani's business environment.

5. Reporting & Risk Communication

  • Produce comprehensive technical reports and executive-level summaries detailing vulnerabilities, successful attack simulations, and recommendations for improvement.
  • Translate complex security vulnerabilities into business risk language for presentation to senior management and business stakeholders.
  • Present red team findings in a clear and concise manner to leadership teams and board members, offering strategic insights for enhancing the overall cybersecurity posture.

6. Training, Mentoring, and Knowledge Sharing

  • Provide mentorship and training to junior red team members and internal security teams, fostering a culture of proactive security and continuous improvement.
  • Conduct workshops and tabletop exercises with business units to raise awareness about red teaming methodologies and the importance of cybersecurity.

7. Tool Development & Automation

  • Develop, customize, or extend red teaming tools, scripts, and automation frameworks to simulate various attack vectors.
  • Continuously assess and introduce new red teaming tools to improve the efficacy and realism of adversary simulations.

Qualifications & Skills:

Education:

  • Bachelor's or master's degree in Computer Science, Cybersecurity, Information Security, or a related technical field.
  • Relevant professional certifications in cybersecurity.

Experience:

  • 10+ years of experience in cybersecurity, with a minimum of 5 years in red teaming, offensive security, ethical hacking, or penetration testing.
  • Proven track record of executing large-scale red teaming exercises in complex environments, including experience with critical infrastructure (Ports, Airports, Energy, etc.).
  • Extensive experience in simulating advanced cyberattacks, particularly in industrial environments, OT, and ICS.

Certifications:

  • CRTP, OSCP, OSCE, CREST certifications or equivalent in red teaming and penetration testing.
  • Other cybersecurity certifications such as CISSP, CEH, GIAC, GCIH, GPEN are advantageous.

Technical Skills:

  • Expert knowledge of offensive security tools (e.g., Metasploit, Cobalt Strike, Burp Suite, Empire, etc.) and threat simulation frameworks.
  • Strong understanding of TTPs used by cybercriminals and APT groups (MITRE ATT&CK framework knowledge preferred).
  • Deep expertise in network protocols, firewalls, intrusion detection systems, and secure configurations.
  • Proficient in various operating systems (Windows, Linux, macOS) and cloud environments (AWS, Azure, GCP).
  • Knowledge of Operational Technology (OT) and Industrial Control Systems (ICS) security challenges and attack methodologies.
  • Experience with exploit development and custom tool creation for red teaming operations.

Soft Skills:

  • Communication: Excellent written and verbal communication skills, with the ability to convey complex technical information to non-technical stakeholders.
  • Problem-Solving: Strong problem-solving skills, strategic thinking, and analytical ability to assess risks and prioritize mitigation.
  • Leadership: Effective leadership and mentoring abilities for team members.
  • Collaboration: Ability to work collaboratively with cross-functional teams and foster a culture of proactive security.
  • Adaptability: Ability to work in high-pressure environments and handle multiple concurrent assignments with minimal oversight.
  • Ethical Mindset: Commitment to ethical hacking principles and maintaining the highest standards of integrity.
  • Continuous Learning: Dedication to staying ahead of cybersecurity threats through ongoing research and professional development.

Key Competencies:

  • Adversarial Mindset: Ability to think like an adversary and develop innovative ways to bypass security controls.
  • Collaborative Spirit: Strong emphasis on working closely with blue teams and cross-functional teams.
  • Continuous Learning: Commitment to staying ahead of cybersecurity threats by engaging in ongoing research and professional development.