Role: Actively devise and execute sophisticated, multi-stage attack campaigns that emulate the tactics, techniques, and procedures (TTPs) of relevant threat actors. Identify and exploit vulnerabilities across the organisation's digital and physical landscapes, including networks, applications, facilities, and personnel. Conduct covert red team operations, including network penetration testing, application security assessments, social engineering, and physical security breach simulations. Lead and participate in purple team exercises, working collaboratively with the blue team to analyse attack paths, test detection capabilities, and improve incident response playbooks in real-time. Assess the effectiveness of remediation efforts by re-testing identified vulnerabilities and attack paths after fixes have been implemented. Develop custom tooling and scripts to automate and enhance attack simulations. Create detailed post-engagement reports that clearly document findings, articulate business risk, and provide actionable recommendations for improving security posture. Act as the resident subject matter expert on offensive security and threat actor methodologies.

Requirements: 3+ years of experience in an offensive security role (e.g., Red Teaming, Penetration Testing). Proven experience in planning and executing covert red team operations from reconnaissance to objective completion. A deep understanding of attacker TTPs and frameworks like MITRE ATT&CK. Proficient in at least one scripting language, such as Python, for tooling and automation. Hands-on experience with common offensive security tools (e.g., Cobalt Strike, Metasploit, Burp Suite, custom implants). Strong analytical and problem-solving skills with a creative and unconventional mindset. Ability to work both independently and collaboratively in a team environment. Excellent written and oral communication skills, with the ability to articulate complex technical risks to both technical and non-technical audiences.

Bonus: Any relevant certifications such as OSCP, OSCE, or OSEP. Experience with physical security assessments or social engineering campaigns. Previous experience building and running a red team program.

What we offer: All our positions offer a compensation package that includes equity and robust benefits. Base pay is just one component of Astranis’s total rewards package. Your compensation also includes a significant equity package via incentive stock options, high-quality company-subsidized healthcare, disability and life insurance, 401(k) retirement planning, flexible PTO, and free on-site catered meals.

XML job scraping automation by YubHub