Security Specialist (Red Team / Penetration Testing)

Hong Kong 6 days ago Full-time External
Negotiable
⭐ Key Responsibilities
• Plan, execute, and report Red Team operations, including adversary simulation, attack path mapping, and exploitation.
• Perform full‑scope penetration testing (infrastructure, AD, cloud, web/mobile applications).
• Develop and execute custom attack scenarios aligned to MITRE ATT&CK frameworks.
• Identify vulnerabilities and provide actionable remediation guidance to technology and business stakeholders.
• Conduct phishing, social engineering, and lateral movement testing across enterprise environments.
• Produce professional reports for cybersecurity leadership and regulatory reviews.
• Stay current with emerging exploits, TTPs, and offensive tooling.

Requirements
• 4 – 8 years of hands‑on experience in offensive security / red teaming / pentesting.
• Strong knowledge of exploitation techniques, AD attack paths, privilege escalation, lateral movement, and evasion.
• Solid experience with offensive frameworks/tools such as:
  • Cobalt Strike, Metasploit, Empire, Havoc, Sliver, BloodHound, Impacket, Burp Suite, etc.
• Hands‑on experience with Active Directory security, Windows/Linux exploitation, and cloud (Azure/AWS) attack simulation preferred.
• Professional certifications are highly advantageous:
  • OSCP, OSEP, OSWE, OSCE3, CRTP, CRTE, CREST CRT/CPSA, or similar.
• Experience in banking, fintech, or regulated environments (HKMA, GL20, C‑RAF) is a plus.
• Strong communication skills in English; Cantonese/Mandarin an advantage.