Senior Red Team Operator
Cleveland, TN - USA
Job Summary
The Threat Management Senior Red Team Operator is a cybersecurity professional responsible for leading and executing end-to-end adversary emulation activities across the enterprise. This role serves as a subject matter expert in simulating realistic attack scenarios including social engineering credential access lateral movement persistence and ransomware-based attack paths to assess and validate the organizations ability to detect respond to and withstand real-world threats.
The Red Team Operator is not a traditional penetration tester but instead focuses on full attack chain execution aligned to threat-informed scenarios business risk and known control gaps. This role requires a strategic and technical operator capable of planning coordinating and executing complex engagements while collaborating closely with Incident Response Threat Intelligence Detection Engineering and Application Security teams to drive measurable improvements in enterprise security posture.
This role reports directly to the Senior Manager Threat Management
Responsibilities
- Serve as the lead operator for adversary emulation activities executing end-to-end attack scenarios across enterprise environments.
- Plan and execute realistic attack chains including initial access social engineering credential access lateral movement persistence and ransomware simulation.
- Act as the primary subject matter expert during Red Team engagements guiding execution strategy and adapting based on environmental conditions.
- Translate threat intelligence business risk and known control gaps into prioritized attack scenarios.
- Collaborate with Threat Intelligence to ensure alignment with real-world adversary tactics techniques and procedures (TTPs).
- Partner with Incident Response and Detection Engineering teams to validate detection response and triage effectiveness during simulations.
- Expand findings beyond isolated vulnerabilities by chaining weaknesses into full attack paths.
- Document engagement activities findings and recommendations with a focus on actionable improvements.
- Support post-engagement reviews to identify detection gaps control weaknesses and response improvements.
- Assist in the development and refinement of adversary emulation methodologies playbooks and procedures.
- Collaborate with Application Security to validate whether vulnerabilities can be exploited in realistic scenarios.
- Maintain and operate Red Team infrastructure tooling and testing environments.
- Support tabletop exercises and purple team engagements to enhance organizational readiness.
- Stay current on emerging adversary techniques tools and tradecraft.
This is a remote position.
This position is not eligible for sponsorship for work authorization now or in the future including conversion to H1-B visa. Must be legally authorized to work in the country of employment without needing sponsorship for employment work visa status now or in the future.
Job duties include contact with other employees and access confidential and proprietary information and/or other items of value and such access may be supervised or unsupervised. TheCompany therefore has determined that a review of criminal history is necessary to protect the business and its operations and reputation and is necessary to protect the safety of the Companys staff employees and business relationships.
Qualifications
Formal Education & Certification
- Bachelors degree (or foreign equivalent) in a Computer Science Computer Engineering or Information Technology field of study (e.g. Information Technology Electronics and Instrumentation Engineering Computer Systems Management Mathematics) or equivalent experience.
- Relevant certifications such as OSCP CRTO GPEN or similar are preferred.
Knowledge & Experience
- 5 years IT/Cybersecurity experience.
- Proven experience executing adversary emulation Red Team or advanced security testing activities.
- Strong understanding of attack methodologies across enterprise environments including identity systems endpoints networks and cloud platforms.
- Experience with social engineering techniques and user-focused attack vectors.
- Familiarity with lateral movement privilege escalation and persistence mechanisms.
- Understanding of ransomware behaviors and attack patterns.
- Experience operating within structured attack frameworks such as MITRE ATT&CK.
- Ability to adapt attack execution based on detection and defensive controls.
- Strong communication skills with the ability to translate technical findings into business risk.
- Ability to operate independently and lead complex engagements in dynamic environments.
Preferred Experience
- Experience with command-and-control frameworks (e.g. Sliver Cobalt Strike or similar).
- Familiarity with identity and Active Directory attack tooling (e.g. BloodHound Impacket Mimikatz or equivalent techniques).
- Experience with reconnaissance and enumeration tools (e.g. Nmap NetExec or similar).
- Exposure to phishing and social engineering platforms (e.g. GoPhish or equivalent).
- Familiarity with cloud security assessment and attack tooling (e.g. ScoutSuite or similar platforms).
- Experience managing Red Team infrastructure including VPS environments domain setup and attack staging infrastructure.
- Exposure to adversary emulation validation platforms or automated testing solutions preferred (e.g. Safe Breach)
- Experience collaborating with SOC Detection Engineering or Incident Response teams in a CSOC or MSSP environment.
- Must be eighteen years or older.
Required Experience:
Senior IC
About Company
At Sherwin-Williams, our purpose is to inspire and improve the world by coloring and protecting what matters. Our paints, coatings and innovative solutions make the places and spaces in our world brighter and stronger. Your skills, talent and passion make it possible to live this purp ... View more