CYE is looking for a Cyber Security Expert with hands-on experience in offensive security, possessing strong technical capabilities, in-depth knowledge of adversary simulation, and a passion for Red Team operations.
CYE is a cybersecurity firm specializing in advanced adversary simulation and offensive security testing. We deliver Red Team assessments for Fortune 500 companies, simulating sophisticated, real-world attacks across external, internal, cloud and Active Directory environments. Our services span both stealth-based Red Team operations and risk-focused assessments, covering a wide range of attack surfaces including on-premises and cloud environments.
Responsibilities
- Participate in Red Team assessments that simulate real-world threats and remain undetected by the client's defensive team. These stealth operations simulate advanced adversaries and require careful planning, execution, and OPSEC
- Lead or co-lead portions of internal and external offensive assessments, including perimeter exploitation and post-exploitation in Active Directory
- Perform Purple Team engagements to help clients improve their monitoring and detection capabilities while sharpening your own offensive skills
- Document attack paths, risk analysis, technical findings and remediation guidance in detailed reports tailored to both technical and executive audiences
- Collaborate with the team to develop and maintain internal tooling, scripts, and documentation for offensive operations
- Continuously research and test new techniques, tools, and attack paths to further enhance CYE's Red Team capabilities
Requirements
- 2+ years of hands-on experience in offensive security, red teaming, or penetration testing
- Hands-on experience with C2 frameworks (e.g., Cobalt Strike, Mythic, Sliver)
- Strong understanding of Active Directory, domain escalation paths, Kerberos, trust relationships, GPO abuse, credential access, etc.
- Proficiency in various offensive techniques such as relay attacks, coercion, Kerberos attacks, and privilege escalation
- Familiarity with network protocols (e.g., SMB, DNS, LDAP, HTTP) and system internals (Windows and Linux)
- Strong understanding of OPSEC considerations during covert operations
- Ability to present and produce clear and actionable technical reports and documentation in English
- Experience working in client-facing roles or as part of structured engagements
- Proficient in one or more scripting/programming languages: Python, PowerShell, C#, or C++
Advantages
- Knowledge of MITRE ATT&CK, threat emulation frameworks, and adversary tactics
- Previous contributions to open source offensive security tools or research
- High Advantage: Experience in at least one of the cloud attack surfaces (Azure, AWS, GCP)
- Experience and familiarity with security best practices in Kubernetes-based (K8s) infrastructure
- Familiarity with EDR/XDR and other security products (e.g., CrowdStrike, Microsoft Defender) and common evasion techniques
- Relevant certifications such as OSCP, OSCE, CRTO, GXPN, or equivalent
- High level of spoken and written English, including the ability to clearly explain technical topics to both technical and non-technical audiences
