Programmers.io is seeking a Red Teamer Security professional to execute authorized red team and adversary emulation activities. The role involves identifying weaknesses in people, processes, and technology through hands-on testing and collaboration with other security teams.
Responsibilities:
- Execute authorized red team and adversary emulation activities under defined rules of engagement to identify weaknesses in people, process, and technology
- Participate in planning offensive security engagements, including scoping discussions, attack path selection, and success criteria aligned to realistic threat scenarios
- Conduct hands-on testing across approved attack surfaces such as external perimeter, internal network, identity (Active Directory), endpoints, and cloud environments
- Perform reconnaissance and enumeration using OSINT and internal discovery techniques to identify viable initial access and movement opportunities
- Exploit validated weaknesses (where permitted) to demonstrate real-world business and security impact, including access expansion and lateral movement
- Execute social engineering simulations (e.g., phishing) when in scope to assess human and procedural resilience
- Document findings with evidence, maintaining accurate notes, screenshots, tooling artifacts, and timelines throughout the engagement
- Collaborate with senior red team members and purple team counterparts to validate detections, assess response gaps, and improve defensive controls
- Contribute to clear, structured reporting, translating technical findings into actionable remediation steps for security and infrastructure teams
- Continuously improve red team tradecraft by learning new techniques, tools, and attack patterns while staying aligned with organizational policies and safety requirements
Requirements:
- 3–6 years of hands-on experience in offensive security, red teaming, or advanced penetration testing
- Prior experience operating in enterprise environments with formal authorization and change controls
- Strong understanding of attack lifecycle and kill chain concepts
- Hands-on experience with Windows, Active Directory, and identity attacks
- Understanding of network and endpoint security concepts
- Understanding of common vulnerability classes and exploitation techniques
- Working knowledge of phishing and social engineering testing (design and execution under supervision)
- Practical experience using offensive security tools
- Ability to write and modify scripts in PowerShell, Python, or Bash to automate tasks and support testing
- Ability to produce clear technical documentation and findings summaries
- Comfortable working with cross‑functional teams (SOC, Infra, IAM, Cloud)
- Strong understanding of ethical, legal, and safety boundaries in offensive security
- Exposure to cloud security testing (Azure/AWS/GCP), especially identity and misconfiguration scenarios
- Familiarity with MITRE ATT&CK and mapping findings to tactics and techniques
- Experience participating in purple team exercises or detection validation
- Basic understanding of EDR, SIEM, and logging pipelines to support detection gap analysis
- One or more offensive security certifications (e.g., OSCP, CRTO, GPEN, or similar)