Job Summary:
CareCloud is seeking a Red Team Engineer who will be responsible for proactively identifying and exploiting security vulnerabilities across the organization’s networks, applications, and infrastructure. This role simulates real-world cyberattack scenarios to assess the effectiveness of existing security controls and enhance the organization’s overall security posture and resilience against emerging threats.
Key Responsibilities:
- Conduct advanced penetration testing on networks, applications, APIs, and cloud environments
- Perform red teaming exercises simulating real-world cyberattacks and adversary behaviors
- Identify, exploit, and validate vulnerabilities in internal and external systems
- Develop and execute attack scenarios to evaluate detection and response capabilities
- Bypass security controls such as EDR, SIEM, WAF, and IAM systems
- Research and test latest vulnerabilities (CVE-based threats) relevant to the organization
- Perform post-exploitation activities including privilege escalation, lateral movement, and persistence
- Conduct social engineering assessments (phishing, vishing, etc.) where permitted
- Collaborate with Blue Team / SOC to improve threat detection and incident response
- Prepare detailed technical reports outlining findings, risk impact, and remediation recommendations
- Develop custom scripts, payloads, and tools for offensive security testing
- Continuously assess and improve the organization’s security posture
- Stay updated with emerging threats, tools, and adversary tactics (TTPs)
Required Qualifications:
- Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or related field
- Minimum 3 years of hands-on experience in penetration testing or red team operations
- Strong knowledge of Windows, Linux, Active Directory, cloud environments, and enterprise networks.
- Experience with attack frameworks and adversary emulation.
Preferred Qualifications
Skills Required
- Strong understanding of network protocols and operating systems (Windows/Linux)
- Experience with cloud platforms such as Azure and AWS
- Proficiency in security testing tools (e.g., Metasploit, Burp Suite, Cobalt Strike, Nmap, BloodHound)
- Knowledge of MITRE ATT&CK framework and adversary simulation techniques
- Experience in web application and API security (OWASP Top 10)
- Understanding of Active Directory attacks and post-exploitation techniques
- Familiarity with endpoint security controls and evasion techniques
- Proficiency in scripting/programming (Python, PowerShell, Bash)
Application Question(s):
- Willing to relocate to Bagh AJK?
- What is your current salary? (IN PKR)
*
What is your expected salary? (IN PKR)
- How early you can join us? (IN DAYS)
- Are you willing to work in Rotational Shift?
Work Location: In person