Job description
Red Team Engineer / Attack and Defense Drill Expert
Job Responsibilities
Red and Blue Team Exercises
- Develop and execute penetration testing and confrontation plans that simulate real attack scenarios, identifying potential vulnerabilities in enterprise networks, applications, and systems.
- Lead or participate in red and blue team exercises to assess the blue team's detection, response, and recovery capabilities, and promote collaborative optimization of attack and defense.
Attack Surface Analysis
- Identify the network exposure and potential risks of the enterprise, and propose effective mitigation and remediation suggestions.
- Continuously monitor and collect threat intelligence, analyze attack trends, and translate them into actionable drill tactics.
Tool and Technology Development
- Develop and optimize red team tools and scripts for vulnerability exploitation, privilege escalation, lateral movement, etc.
- Research and validate new attack techniques, simulating real threats in conjunction with business scenarios.
- Build and maintain a red team arsenal (phishing template library, attack script library, 0day/1day exploit chain reproduction) to improve tool utilization and reusability.
Full-Cycle Reproduction of Attack Scenarios
- Simulate and reproduce APT attack chains, restoring real attack processes based on threat intelligence to identify potential risks.
- Simulate multi-stage intrusions covering personnel, endpoints, servers, front-end pages, and financial systems to achieve end-to-end attack and defense drills.
Security Assessment and Reporting
- Conduct penetration testing on critical business systems, internal networks, and cloud environments, producing detailed assessment reports and remediation recommendations.
- Assist in improving security protection mechanisms and promote the overall optimization of the enterprise security system.
Cross-Department Collaboration
- Collaborate with the blue team to conduct attack reviews and vulnerability remediation, enhancing detection and response levels.
- Support emergency response drills and provide security consulting to promote the implementation of security requirements.
Job Requirements
Basic Skills
- Proficient in TCP/IP protocols, network architecture, and the principles and configuration of security devices.
- Familiar with common attack techniques and tools (such as Sliver, NPS, Burp Suite, etc.).
- Knowledgeable about the security mechanisms and exploitation methods of Windows, Linux, macOS, and common web frameworks.
Technical Abilities
- Proficient in the entire process of penetration testing: information gathering, vulnerability scanning, internal network penetration, lateral movement, persistence, etc.
- Mastery of one or more programming/scripting languages (Python, Go, Bash, etc.) with tool development capabilities.
- Familiar with the working principles and bypass methods of enterprise-level security products (WAF, EDR, SIEM, etc.).
Experience Requirements
- Over 5 years of red team/penetration testing experience, with preference given to those with experience in large-scale attack and defense drill projects.
- Preference for candidates with experience in reproducing APT attack chains, 0day/1day exploits, and building red team arsenals.
Other Abilities
- Strong documentation and technical reporting skills.
- High sense of responsibility, teamwork spirit, and ability to work under pressure.
- Preference for candidates holding security certifications such as OSCP, OSCE, CISSP, CISP, CEH, etc.
