Stratum Security is looking for a senior-level red team security specialist to expand our team. 

Stratum is a boutique infosec consulting firm specializing in network, application, and cloud security assessments. This role is part of our offensive security team, which conducts adversarial simulations for Stratum customers in various industries. You will be a key player on a team of like-minded people who love the art of ethical hacking and adversary emulation. 

Our founders were pen testers who founded Stratum in 2005 to create a place for great security professionals to focus on their work and not big company headaches. 

We are not fans of standard job descriptions, so we compiled this FAQ. It's how we like consuming information, and think it works better than the typical format. 

Tell me more about the position. 

You will simulate real-world attacks against Stratum customers using the same tools, techniques, and processes that threat actors use. Then, you are expected to provide the customer with solid recommendations to prevent or detect successful attacks. It's really that simple. 

This is a consulting role, so there is high expectation for your ability to present information to both technical and non-technical audiences. You will be interacting with customer personnel at all levels and serving as a representative of Stratum. This includes conducting engagement kick-off meetings, providing updates as required, handling project issues, and explaining attack paths/chains along with security recommendations. Your ability to help customers understand your attack methodology, why certain risks matter (or not), and how best to improve their security posture is your prime responsibility. 

Other than red teaming, you will help to improve our overall offensive security capability. This may include evolving our attack methodologies, mentoring other team members, creating tools, sharing new techniques, and conducting research on new vulnerabilities and attack vectors. We also love it when team members want to write a blog post, speak at local security conferences, or get a speaking slot at an industry event. 

Q: What are some of the specific responsibilities and tasks for this position? 

A: A Senior Red Team member is responsible for: 

• Conducting comprehensive adversarial simulations against organizations  

• Leading red team engagements 

• Providing customers with expert security recommendations based on findings 

• Preparing attack narratives and reports in Stratum's simple template; delivering engagement briefings to customers as needed 

• Conducting peer reviews on other team members' reports 

• Mentoring mid-level red teamers as needed 

Q: What technical skills are required? 

A: A Senior Red Team member needs to have the following technical skills: 

• Strong understanding of enterprise security controls, concepts, solutions, etc. 

• Strong understanding of endpoint protection (e.g., EDR), bypass, and evasion 

• Strong understanding of Microsoft Active Directory and associated technology, concepts, within the context of offensive operations 

• Strong understanding of Linux within the context of offensive operations 

• Strong understanding of various C2 frameworks, post-exploitation operations, etc.  

• Familiarity with cloud platforms such as AWS and Azure 

• Familiarity with phishing attacks, credential-harvesting, domain name and DNS configuration, malicious attachments, etc.