Senior Red Team / Penetration Tester at Ascentech Services Limited

Role summary

We’re looking for a hands-on Senior Red Team / Penetration Tester to lead offensive security engagements that emulate sophisticated threat actors and uncover real-world risks. You’ll design and execute targeted red-team operations and deep technical penetration tests across web, cloud, network, identity and physical security controls, then translate findings into prioritized remediation and measurable risk reduction.

Key responsibilities

• Plan and execute targeted red-team engagements and penetration tests across cloud (Azure), on-prem, network, AD, web apps, APIs, and container/Kubernetes environments.
• Develop realistic adversary emulations (TTPs) mapped to MITRE ATT&CK and run Purple Team sessions to validate detections and playbooks.
• Safely run exploit and persistence techniques in controlled environments, documenting impact, blast radius, and remediation.
• Create high-quality pentest deliverables: executive summary, technical findings, risk ratings, PoCs, step-by-step remediation, and detection tuning recommendations.
• Work with SOC/Detection & Response to improve SIEM/EDR/IDS rules and SOAR playbooks — validate detection efficacy after fixes.
• Drive continuous improvement: exploit research, tooling, automation for red-team ops, and custom tooling where needed.
• Assist with threat hunting exercises and retrospective post-incident adversary TTP mapping.
• Ensure legal and ethical compliance: create and follow Rules of Engagement (RoE), coordinate maintenance windows and stakeholder approvals.
• Mentor junior red/pentest engineers and participate in hiring/interviewing.

Required experience & qualifications

•  2+ years of professional penetration testing / offensive security experience with a track record of end-to-end red-team engagements.
•  Deep, practical experience attacking Active Directory environments, Windows/Mac/Linux post-exploitation and lateral movement.
•  Strong application security skills (modern web apps, APIs, mobile) and experience with cloud attack surfaces (AWS, Azure, GCP).
•  Excellent hands-on skills with common offensive tools and frameworks (e.g., Cobalt Strike, BloodHound, Metasploit, Burp Suite, Nmap, Empire, Impacket) and the ability to write/modify scripts (Python, PowerShell, Bash).
•  Bachelor’s degree in Computer Science, Information Security, or equivalent practical experience (or relevant certifications and demonstrable skills)