Red Team Specialist

Vintti is a cutting-edge staffing agency revolutionizing the way US companies build their teams. Leveraging advanced technology and embracing the power of remote work, we connect SMBs, startups, and firms across the United States with top-tier talent from Latin America. Our platform seamlessly integrates professionals into US business ecosystems, regardless of physical borders. Vintti operates on the principle of a borderless future of work, where skills and expertise trump geographical constraints.

A Red Team Specialist is a cybersecurity professional who simulates real-world attacks to test an organization's defenses, identify vulnerabilities, and improve overall security posture. They use advanced techniques and tools to emulate adversaries, exploring potential entry points and weaknesses within systems, networks, and applications. By thinking like a hacker, Red Team Specialists provide valuable insights that help organizations strengthen their cybersecurity measures, ensuring resilience against potential threats and reducing the risk of data breaches or other malicious activities.

- Bachelor's degree in Computer Science, Information Security, or related field
- Minimum of 3-5 years of experience in cybersecurity, with a focus on penetration testing or red teaming
- Proficient knowledge of common cybersecurity frameworks and standards such as MITRE ATT&CK, NIST, and OWASP
- Advanced understanding of network protocols, infrastructure, and operating systems (Windows, Linux, macOS)
- Proven experience in exploiting vulnerabilities in web applications, networks, and systems
- Hands-on experience with penetration testing tools such as Metasploit, Burp Suite, Nmap, and Nessus
- Skilled in scripting and programming languages like Python, PowerShell, Bash, and JavaScript
- Strong understanding of social engineering techniques and ability to execute phishing and pretexting attacks
- Excellent analytical, problem-solving, and critical thinking skills
- Ability to communicate complex technical findings clearly and effectively, both verbally and in writing
- Experience with threat modeling frameworks and techniques
- Demonstrated ability to develop and use custom tools and scripts for testing and exploitation
- Familiarity with advanced persistent threat (APT) tactics, techniques, and procedures (TTPs)
- Strong collaborative skills to work effectively with Blue Team and other security professionals
- Certifications such as OSCP, OSCE, CEH, or GPEN highly desirable
- Up-to-date knowledge of the latest cybersecurity threats, trends, and emerging technologies
- Ability to produce high-quality documentation and technical reports
- Experience conducting security assessments of third-party vendors and services
- Understanding of regulatory and compliance requirements related to cybersecurity
- Ability to mentor and train junior team members
- Must be able to pass a background check and possess or be eligible for relevant security clearances

- Plan, design, and execute red team engagements to simulate advanced adversarial tactics and techniques
- Perform in-depth penetration tests on web applications, networks, and internal systems
- Develop and use custom tools and scripts to replicate cyber threats
- Document and communicate findings, providing actionable remediation recommendations
- Conduct social engineering campaigns to evaluate human vulnerabilities
- Analyze, exploit, and clearly document vulnerabilities and security gaps
- Collaborate closely with Blue Team to enhance detection and response capabilities
- Stay informed on emerging threats and update red teaming methodologies
- Perform advanced persistent threat (APT) simulations to test organizational defenses
- Engage in continuous learning and professional development in cybersecurity
- Support development of junior team members through mentoring and training
- Create and maintain detailed documentation of red team operations and findings
- Conduct security assessments of third-party vendors and merged or acquired entities
- Ensure engagements are compliant with legal, regulatory, and ethical standards
- Develop and deliver detailed technical and executive-level reports post-engagement
- Provide real-time feedback during engagements to security operations and incident response teams
- Integrate red team tools, techniques, and processes into broader security strategy
- Lead or participate in after-action reviews to identify lessons learned
- Assist in designing and implementing security controls based on red team findings
- Participate in security governance forums to advocate for red team requirements and activities

The ideal candidate for the Red Team Specialist role is a highly analytical and detail-oriented cybersecurity professional with a minimum of 3-5 years of focused experience in penetration testing or red teaming, along with a Bachelor's degree in Computer Science, Information Security, or a related field. This individual possesses advanced knowledge of network protocols, infrastructure, and operating systems, and demonstrates a proven track record of identifying and exploiting vulnerabilities across web applications, networks, and systems. They excel in using and developing custom tools and scripts in languages such as Python, PowerShell, Bash, and JavaScript, and are proficient with tools like Metasploit, Burp Suite, Nmap, and Nessus. Their comprehensive understanding of frameworks like MITRE ATT&CK, NIST, and OWASP, complemented by certifications such as OSCP, OSCE, CEH, or GPEN, underscores their expertise. Exceptional problem-solving, critical thinking, and a proactive, self-motivated approach define their personality, while their excellent communication skills enable them to articulate complex technical findings clearly to both technical and non-technical stakeholders. This individual excels in creating detailed technical and executive-level reports, conducting social engineering attacks, and performing advanced persistent threat simulations. They have a robust collaborative spirit, working seamlessly with Blue Teams and other security professionals to enhance organizational security posture. Equally important is their ethical integrity, resilience under pressure, and commitment to continuous learning and staying abreast of emerging cybersecurity threats and trends. Their ability to think like an adversary while maintaining a disciplined and organized approach to documentation and reporting ensures they are a significant asset to any security team.

- Conduct simulated cyber-attacks to evaluate the security posture of the organization
- Identify and exploit vulnerabilities in applications, networks, and systems
- Develop and execute penetration testing scenarios
- Create detailed reports outlining vulnerabilities and the potential impact of security breaches
- Collaborate with Blue Team to share findings and improve overall security measures
- Stay up-to-date with the latest cybersecurity threats, trends, and techniques
- Utilize a variety of tools and technologies for vulnerability scanning and exploitation
- Participate in threat modeling and advanced persistent threat simulations
- Provide recommendations to remediate identified vulnerabilities
- Perform social engineering attacks, such as phishing and pretexting, to test human susceptibility to fraud tactics
- Continuously develop and refine red teaming methodologies and strategies
- Analyze security incidents and utilize lessons learned to enhance testing scenarios
- Conduct security assessments of third-party vendors and services
- Ensure compliance with relevant regulations, standards, and best practices
- Liaise with other IT and security teams to integrate findings into security improvements
- Conduct regular briefings and debriefings with senior leadership on red team activities and results
- Assist in the development and training of junior team members on red team tactics and tools
- Use and develop custom scripts and exploits to tailor attacks to specific environments
- Ensure clear documentation and knowledge transfer for all discovered vulnerabilities and remediation steps

- Highly analytical and detail-oriented
- Strong problem-solving skills
- Passionate about cybersecurity and continuous learning
- Proactive and self-motivated
- Excellent communication skills, both verbal and written
- Collaborative team player
- Creative thinker with the ability to develop novel attack methods
- Ethical mindset with integrity and professionalism
- Resilient under pressure and able to handle multiple tasks simultaneously
- Adaptive to rapidly changing environments and threats
- Strong leadership and mentoring skills
- Ability to think like an adversary
- Expertise in both offensive and defensive security strategies
- High level of curiosity and investigative mindset
- Commitment to staying current with cybersecurity trends and advancements
- Disciplined in maintaining thorough documentation and reporting
- Strong organizational skills and attention to detail
- Capable of working independently and in a team setting
- Dedicated to improving organizational security posture continuously

- Competitive salary range (based on experience and qualifications)
- Comprehensive health, dental, and vision insurance plans
- 401(k) plan with company match
- Paid time off (PTO) and holidays
- Flexible work schedule and remote work options
- Professional development and certification reimbursement
- Opportunities for career advancement and growth
- Access to cutting-edge tools and technologies
- Employee wellness programs and fitness subsidies
- Tuition assistance for continuing education
- Regular team-building activities and events
- Employee assistance programs (EAP) for personal and professional support
- Life and disability insurance coverage
- Incentive and bonus programs based on performance
- Parental leave and family support policies
- Travel reimbursement (if applicable)
- Collaborative and inclusive work culture
- Access to company-sponsored training, workshops, and conferences