Senior Security Engineer - Red Team chez Toyota Tsusho Systems

Description

We are seeking a skilled and motivated Senior Security Engineer - Red Team to join our offensive security team. The ideal candidate will drive the development of advanced red teaming tools and methodologies, conduct comprehensive assessments across on-premises and cloud environments, and simulate sophisticated threat scenarios to identify and mitigate security vulnerabilities. This role requires a deep understanding of offensive security tactics, attack frameworks, and the ability to communicate findings effectively to both technical and executive stakeholders.

Key Responsibilities:

- Developing and refining internal red team scripts, tools, and methodologies to enhance offensive security operations.

- Research, validate, and exploit known attacks, vulnerabilities, and security weaknesses using custom-built or existing tools.

- Conduct thorough Red Team assessments targeting on-premises infrastructure, cloud environments, and enterprise threat landscapes.

- Identify vulnerabilities across software, systems, networks, and business logic through simulated adversarial tactics.

- Design and execute complex threat emulation scenarios incorporating physical, social engineering, and digital attack vectors.

- Produce detailed, accurate, and actionable reports and presentations tailored for both technical teams and executive leadership.

- Collaborate closely with other security teams to support remediation efforts and improve overall security posture.

- Stay current with emerging threats, attack techniques, and security technologies to continuously evolve red team capabilities.

- Conduct Purple Team exercises in collaboration with partner security teams to identify and improve the organization's security posture.

Requirements

- Minimum 5 years of hands-on offensive security experience, preferably within Red Team or penetration testing roles.

- Strong familiarity with attack frameworks (e.g., MITRE ATT&CK) and corresponding mitigation strategies.

- Proficient with common Command and Control (C2) frameworks such as Sliver, Mythic, and Cobalt Strike.

- Relevant security certifications such as CRTO (Certified Red Team Operator), OSCP (Offensive Security Certified Professional), or equivalent.

- Demonstrated ability to develop custom offensive tools or scripts to support red team operations.

- Excellent communication skills with the ability to convey complex technical findings to diverse audiences.

- Experience with cloud security assessments (AWS, Azure, GCP) is a plus.

- Strong problem-solving skills and a proactive approach to security challenges.

Preferred Skills:

- Knowledge of physical security testing and social engineering tactics.

- Familiarity with scripting languages such as Python, PowerShell, or Bash.

- Experience working in agile or DevSecOps environments.

- Understanding of enterprise network architectures and security controls.