Senior Red Team Operator
Sherwin-Williams · Cleveland, OH · 3 wk ago
Information TechnologyFull-time
About the role
The Threat Management Senior Red Team Operator is a cybersecurity professional responsible for leading and executing end-to-end adversary emulation activities across the enterprise. This role serves as a subject matter expert in simulating realistic attack scenarios, including social engineering, credential access, lateral movement, persistence, and ransomware-based attack paths, to assess and validate the organization’s ability to detect, respond to, and withstand real-world threats.
Responsibilities
- Serve as the lead operator for adversary emulation activities, executing end-to-end attack scenarios across enterprise environments.
- Plan and execute realistic attack chains including initial access, social engineering, credential access, lateral movement, persistence, and ransomware simulation.
- Act as the primary subject matter expert during Red Team engagements, guiding execution strategy and adapting based on environmental conditions.
- Translate threat intelligence, business risk, and known control gaps into prioritized attack scenarios.
- Collaborate with Threat Intelligence to ensure alignment with real-world adversary tactics, techniques, and procedures (TTPs).
- Partner with Incident Response and Detection Engineering teams to validate detection, response, and triage effectiveness during simulations.
- Expand findings beyond isolated vulnerabilities by chaining weaknesses into full attack paths.
- Document engagement activities, findings, and recommendations with a focus on actionable improvements.
- Support post-engagement reviews to identify detection gaps, control weaknesses, and response improvements.
- Aid in the development and refinement of adversary emulation methodologies, playbooks, and procedures.
- Collaborate with Application Security to validate whether vulnerabilities can be exploited in realistic scenarios.
- Maintain and operate Red Team infrastructure, tooling, and testing environments.
- Support tabletop exercises and purple team engagements to enhance organizational readiness.
- Stay current on emerging adversary techniques, tools, and tradecraft.
Requirements
- Bachelor’s degree (or foreign equivalent) in a Computer Science, Computer Engineering, or Information Technology field of study (e.g., Information Technology, Electronics and Instrumentation Engineering, Computer Systems Management, Mathematics) or equivalent experience.
- 5+ years IT/Cybersecurity experience.
- Proven experience executing adversary emulation, Red Team, or advanced security testing activities.
- Strong understanding of attack methodologies across enterprise environments, including identity systems, endpoints, networks, and cloud platforms.
- Experience with social engineering techniques and user-focused attack vectors.
- Familiarity with lateral movement, privilege escalation, and persistence mechanisms.
- Understanding of ransomware behaviors and attack patterns.
- Experience operating within structured attack frameworks such as MITRE ATT&CK.
- Ability to adapt attack execution based on detection and defensive controls.
- Strong communication skills with the ability to translate technical findings into business risk.
- Ability to operate independently and lead complex engagements in dynamic environments.
Qualifications
- Required: Bachelor’s degree (or foreign equivalent) in a Computer Science, Computer Engineering, or Information Technology field of study (e.g., Information Technology, Electronics and Instrumentation Engineering, Computer Systems Management, Mathematics) or equivalent experience.
- Required: 5+ years IT/Cybersecurity experience.
- Required: Proven experience executing adversary emulation, Red Team, or advanced security testing activities.
- Preferred: Relevant certifications such as OSCP, CRTO, GPEN, or similar are preferred.
- Preferred: Experience with command-and-control frameworks (e.g., Sliver, Cobalt Strike, or similar).
- Preferred: Familiarity with identity and Active Directory attack tooling (e.g., BloodHound, Impacket, Mimikatz or equivalent techniques).
- Preferred: Experience with reconnaissance and enumeration tools (e.g., Nmap, NetExec, or similar).
- Preferred: Exposure to phishing and social engineering platforms (e.g., GoPhish or equivalent).
- Preferred: Familiarity with cloud security assessment and attack tooling (e.g., ScoutSuite or similar platforms).
- Preferred: Experience managing Red Team infrastructure, including VPS environments, domain setup, and attack staging infrastructure.
- Preferred: Exposure to adversary emulation validation platforms or automated testing solutions preferred (e.g., Safe Breach).
- Preferred: Experience collaborating with SOC, Detection Engineering, or Incident Response teams in a CSOC or MSSP environment.
Pay
Compensation decisions are dependent on the facts and circumstances of each case and will impact where actual compensation may fall within the stated wage range.
Schedule
This is a remote position.