Job Details

Information Security
Lead
Hybrid
Full time
May 6

Red Team Lead

RUB 430,000

Red Team Lead at T-Bank in Moscow. Experience: 3-6 years. Salary: from 430,000 ₽. Responsibilities include managing offensive operations, implementing attack prioritization, and developing the BAS platform.

• Responsible for achieving goals for the quantity and quality of attack scenarios. Current volume - 20+ attack scenarios, 12+ APT simulations, 24+ tool tests per year.
• Planning and coordinating offensive operations: selecting targets, developing scenarios, monitoring execution.
• Implementing and developing methods for prioritizing attack targets based on asset criticality, TI data, coverage gaps, and stakeholder requests.
• Organizing purple-teaming activities, communicating with Threat Hunting, CSIRT, InfraSec.
• Managing the process of transferring discovery tasks to related DIB products.
• Monitoring SLA for processing incoming offensive requests.
• Developing the BAS platform: attack automation, expanding Kill Chain coverage.
• Supervising research activities: new TTPs, tool development, PoCs.
• Integrating Threat Intelligence data into offensive operations.
• Presenting the team's results: speaking at internal and external venues.
• Communicating with stakeholders: Risk Management, CIRT, Vulnerability Management, DIB management.
• Fostering a Continuous Testing culture.

• Experience managing a team or working as a technical lead in offensive or security areas for at least a year.
• Worked in the financial sector or large technology companies.
• Experience in a product structure: with OKRs, metrics, stakeholder management.
• Implemented or worked with BAS platforms: Caldera, Atomic Red Team, proprietary solutions.
• Applied LLM/AI in the context of Offensive Security or automation.
• Developed undetectable tools: Evasion, Custom C2, Loader Development.
• Conducted full-scale red team operations - from Initial Access to Objectives.
• Worked with corporate infrastructure: Active Directory, FreeIPA, network segmentation, endpoint technologies.
• Experience in Purple Teaming: interacted with Blue Team, jointly developed detections, transferred artifacts.
• Experience in tool development: modification of open-source tooling, scripting - Python, Go, C/C#, PowerShell.
• Deep understanding of MITRE ATT&CK, Kill Chain, TTPs of APT groups.
• Understanding of IDS operation - EDR, SIEM, NTA, WAF - and methods of bypassing them.
• Ability to plan and prioritize the team's work, set goals, track results.
• Ability to present results to technical and management audiences.
• Knowledge of Threat Intelligence methodologies, worked with TI feeds and APT reports.
• Organized and conducted IR exercises.
• Spoke at cybersecurity conferences, published articles, contributed to Open Source.

Russia
Offensive Security
Go
Atomic Red Team
C#
Caldera
AI
BAS
Python
Custom C2
Kill Chain
Threat Intelligence
Red Team
FreeIPA
SIEM
PowerShell
Active Directory
EDR
Loader Development
MITRE ATT&CK
Purple Teaming
LLM
Evasion
