Toyota Tsusho Systems

Compensation

Full Description

We are seeking a skilled and motivated Senior Security Engineer - Red Team to join our offensive security team. The ideal candidate will drive the development of advanced red teaming tools and methodologies, conduct comprehensive assessments across on-premises and cloud environments, and simulate sophisticated threat scenarios to identify and mitigate security vulnerabilities. This role requires a deep understanding of offensive security tactics, attack frameworks, and the ability to communicate findings effectively to both technical and executive stakeholders. Key Responsibilities: - Developing and refining internal red team scripts, tools, and methodologies to enhance offensive security operations. - Research, validate, and exploit known attacks, vulnerabilities, and security weaknesses using custom-built or existing tools. - Conduct thorough Red Team assessments targeting on-premises infrastructure, cloud environments, and enterprise threat landscapes. - Identify vulnerabilities across software, systems, networks, and business logic through simulated adversarial tactics. - Design and execute complex threat emulation scenarios incorporating physical, social engineering, and digital attack vectors. - Produce detailed, accurate, and actionable reports and presentations tailored for both technical teams and executive leadership. - Collaborate closely with other security teams to support remediation efforts and improve overall security posture. - Stay current with emerging threats, attack techniques, and security technologies to continuously evolve red team capabilities. - Conduct Purple Team exercises in collaboration with partner security teams to identify and improve the organization's security posture. - Minimum 5 years of hands-on offensive security experience, preferably within Red Team or penetration testing roles. - Strong familiarity with attack frameworks (e.g., MITRE ATT&CK) and corresponding mitigation strategies. - Proficient with common Command and Control (C2) frameworks such as Sliver, Mythic, and Cobalt Strike. - Relevant security certifications such as CRTO (Certified Red Team Operator), OSCP (Offensive Security Certified Professional), or equivalent. - Demonstrated ability to develop custom offensive tools or scripts to support red team operations. - Excellent communication skills with the ability to convey complex technical findings to diverse audiences. - Experience with cloud security assessments (AWS, Azure, GCP) is a plus. - Strong problem-solving skills and a proactive approach to security challenges. Preferred Skills: - Knowledge of physical security testing and social engineering tactics. - Familiarity with scripting languages such as Python, PowerShell, or Bash. - Experience working in agile or DevSecOps environments. - Understanding of enterprise network architectures and security controls.