Job Description
Design and execute attack scenarios mapped to MITRE ATT&CK techniques
Assist in maintaining and enhancing internal offensive security toolkits and operator playbooks
Develop or modify scripts in Python, PowerShell, and Bash to support Red Team activities
Conduct phishing, vishing, and other social engineering attacks to assess human-layer risk
Maintain strict operational security during engagements, including infrastructure hygiene, traffic obfuscation, and log minimization
Ensure all engagements are executed safely without disrupting production environments
Produce detailed technical reports documenting attack paths, vulnerabilities, and exploitation techniques
Map findings to MITRE ATT&CK techniques and provide clear, actionable remediation guidance
Participate in purple team debriefs to help defensive teams understand attacker techniques and detection improvement opportunities
Collaborate closely with SOC, Incident Response, and engineering teams to validate detections and enhance defensive capabilities
Support the development of detection use cases, logging improvements, and incident response playbooks
Pay rate will be between $10 and $14 an hour, depending on skills and experience.
We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com. To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.
Skills and Requirements
Required Experience
4-7 years of experience in Information Security Compliance, Red Team, or a related field
Proven experience conducting Red Team assessments and infrastructure penetration testing
Hands-on experience operating within Red Team environments
Essential Skills
Ability to execute end-to-end attack chains, including reconnaissance, exploitation, lateral movement, persistence, and exfiltration
Conduct internal and external attack simulations emulating realistic threat actor TTPs
Demonstrated experience with exploitation, privilege escalation, lateral movement, and post-exploitation techniques across Windows and Linux environments
Strong understanding of network protocols, authentication mechanisms, and common security misconfigurations
Perform web application, infrastructure, and cloud-focused attacks as part of multi-vector engagements
Experience utilizing command-and-control (C2) frameworks such as Cobalt Strike, Empire, or Covenant to develop and manage covert operations
Proven ability to think creatively and simulate an attacker mindset
Ability to operate discreetly and ethically under strict confidentiality controls
Provide training and delegate tasks to lower-level security engineers
Excellent written communication and technical documentation skills
Collaborate with analysts and engineers to test, validate, and deploy remediation fixes
Desired Skills
Experience with Active Directory attack paths, including Kerberoasting, AS-REP Roasting, constrained and unconstrained delegation abuse, DCSync/DCShadow, and BloodHound path reduction
Practical offensive security experience in Azure/Microsoft 365 (Entra ID) and/or Google Cloud Platform (GCP), including identity abuse, misconfigured roles and policies, workload identity takeover, OAuth application abuse, and cross-tenant risks
Initial access tradecraft, including macro-less delivery, HTA/JavaScript techniques, OAuth abuse, token replay, and cloud misconfiguration pivots
Experience building operator-grade tools using Python, Go, or PowerShell beyond simple scripting (e.g., custom loaders, C2 extensions, OPSEC-safe reconnaissance tooling)
Advanced web exploitation techniques such as SSRF metadata pivots, deserialization chains, cache poisoning, and template injection
Knowledge of API attack patterns, including authentication and authorization flaws, mass assignment, BOLA vulnerabilities, and GraphQL nuances
Exposure to mobile application or thick-client security assessments
Understanding of blue team telemetry (e.g., Sysmon, Microsoft Defender for Endpoint, Splunk) to plan stealthy operations and propose detection use cases from an offensive perspective
Awareness of evidence handling and clean artifact capture to support post-engagement analysis
Experience with Red Team infrastructure buildout, including domain fronting, redirector chains, TLS fingerprinting evasion, staging servers, and resilient DNS configurations
Ability to deliver executive-ready storytelling, including attack path narratives, business impact translation, and risk-based remediation roadmaps
Strong visual reporting skills, including attack flow diagrams, MITRE ATT&CK heatmaps, and kill chain overlays
Experience leading a Red Team workstream (e.g., phishing, Active Directory, cloud) and mentoring junior operators
Exposure to Red Team operations in regulated environments (PCI, SOX, HIPAA) with appropriate safe-testing controls