Senior Internal Red Team Engineer

5+ years of hands-on experience in offensive security Demonstrable track record of leading complex web application and cloud penetration tests Proven ability to read, review, and identify vulnerabilities in source code (especially Python and JavaScript) Deep, practical experience attacking and auditing cloud environments (AWS, GCP, Azure) and Kubernetes clusters Must hold one or more advanced, industry-recognized offensive security certifications: OSCP, OSWE, OSCE, CRTO, or GIAC (GCPN, GXPN) Expert-level knowledge of modern web application security, including the OWASP Top 10, API security, and common framework vulnerabilities Strong proficiency in common offensive security tools (Burp Suite, Nmap) and C2 frameworks (Cobalt Strike, Sliver, Brute Ratel) Strong written and verbal communication skills

Conduct comprehensive threat modeling and risk assessments Design and execute end-to-end, objective-based red team operations Perform deep, security-focused source code reviews (Python and JavaScript) Lead comprehensive security configuration audits of AWS, Azure, GCP, Digital Ocean, and Kubernetes environments Assess and test the security of CI/CD pipelines Conduct in-depth penetration tests against critical web applications, APIs, and cloud-native services Collaborate with engineering and defensive teams in purple team exercises Develop custom tooling, exploits, and automation scripts Stay abreast of the latest threat intelligence, vulnerabilities, and exploits Investigate, own, and report on vulnerabilities, exploit paths, and their business impact