Red Team Engineer

Red Team Engineer - Gurugram, Haryana

V Patrol AI Pvt Ltd is seeking a skilled Red Team Engineer to join our team in Gurugram, Haryana. This role focuses on simulating real-world attacks to uncover security vulnerabilities across infrastructure, applications, and networks. You will be involved in hands-on offensive security, including command-and-control (C2) operations, advanced tunneling, and in-depth protocol-level exploitation.

Key Responsibilities

• Conduct comprehensive red team engagements simulating advanced adversary tactics across network, application, and cloud environments.
• Design, deploy, and manage secure Command & Control (C2) infrastructure for covert operations.
• Perform in-depth network penetration testing, encompassing both internal and external attack simulations.
• Develop and implement sophisticated tunneling techniques, such as pivoting and SOCKS proxies, to bypass network restrictions and achieve deeper access.
• Execute protocol-level security assessments for critical database services including Redis, MSSQL, PostgreSQL, and MongoDB.
• Identify and exploit misconfigurations, weak authentication mechanisms, and privilege escalation paths within database services.
• Master lateral movement and persistence techniques within compromised environments to simulate advanced persistent threats (APTs).
• Assess and exploit weaknesses in CI/CD pipelines (e.g., GitHub, GitLab, Jenkins) to understand and mitigate supply chain risks.
• Collaborate closely with blue team and engineering teams to validate findings, provide actionable insights, and enhance overall security defenses.
• Produce detailed reports outlining attack paths, impact analysis, and clear remediation guidance for identified vulnerabilities.

Required Skills & Experience

• Demonstrated strong hands-on experience in Red Teaming and Offensive Security practices.
• Proficiency with leading C2 frameworks such as Cobalt Strike, Sliver, Mythic, or similar tools.
• Deep understanding of network protocols, security principles, and penetration testing methodologies.
• Proven experience with tunneling, pivoting, and advanced evasion techniques.
• Solid knowledge of database security testing, including:
• Redis exploitation (e.g., unauthenticated access, RCE vectors).
• MSSQL exploitation (e.g., xp_cmdshell, privilege escalation).
• Understanding of PostgreSQL and MongoDB security weaknesses.
• Experience testing network services and infrastructure, including port scanning, firewall analysis, and segmentation bypass techniques.
• Understanding of CI/CD systems and associated security implications:
• GitHub / GitLab pipeline security.
• Jenkins configurations and common misconfigurations.
• Familiarity with scripting languages like Python, Bash, or similar for automation and payload development.
• Proficiency with essential security tools including Nmap, Metasploit, Burp Suite, BloodHound, Impacket, and others.

Work Location: In person