Red Team Security Engineer

Red Team Security Engineer

Astranis is looking for a Red Team Security Engineer who thinks like an adversary and views security as an art form. Our ideal candidate thrives on the challenge of finding novel ways to bypass defenses and has a natural talent for uncovering hidden attack paths. We need a creative, persistent, and resourceful individual who can emulate real-world threat actors, testing our resilience from every angle—cyber, physical, and human. This role is for the hacker at heart, dedicated to making our defenses stronger by proving where they can be broken.

Role

• Actively devise and execute sophisticated, multi-stage attack campaigns that emulate the tactics, techniques, and procedures (TTPs) of relevant threat actors.
• Identify and exploit vulnerabilities across the organization's digital and physical landscapes, including networks, applications, facilities, and personnel.
• Conduct covert red team operations, including network penetration testing, application security assessments, social engineering, and physical security breach simulations.
• Lead and participate in purple team exercises, working collaboratively with the blue team to analyze attack paths, test detection capabilities, and improve incident response playbooks in real-time.
• Assess the effectiveness of remediation efforts by re-testing identified vulnerabilities and attack paths after fixes have been implemented.
• Develop custom tooling and scripts to automate and enhance attack simulations.
• Create detailed post-engagement reports that clearly document findings, articulate business risk, and provide actionable recommendations for improving security posture.
• Act as the resident subject matter expert on offensive security and threat actor methodologies.

Requirements

• 3+ years of experience in an offensive security role (e.g., Red Teaming, Penetration Testing).
• Proven experience in planning and executing covert red team operations from reconnaissance to objective completion.
• A deep understanding of attacker TTPs and frameworks like MITRE ATT&CK.
• Proficient in at least one scripting language, such as Python, for tooling and automation.
• Hands-on experience with common offensive security tools (e.g., Cobalt Strike, Metasploit, Burp Suite, custom implants).
• Strong analytical and problem-solving skills with a creative and unconventional mindset.
• Ability to work both independently and collaboratively in a team environment.
• Excellent written and oral communication skills, with the ability to articulate complex technical risks to both technical and non-technical audiences.
• Don’t meet all the requirements? Not a problem. Please apply anyway.

Bonus

• Any relevant certifications such as OSCP, OSCE, or OSEP.
• Experience with physical security assessments or social engineering campaigns.
• Previous experience building and running a red team program.