Senior Red Team Operator – Enterprise Offensive Security NEW

Elite Red Team Position

This is not a mid-level role.This is not for lab-only testers.This is not compliance penetration testing.We are looking for operators who have personally executed real exploitation during professional engagements, not just vulnerability identification.

Core Responsibilities

Lead and execute advanced Red Team operations against enterprise environments.Simulate real-world attackers by performing:

• Initial access exploitation• Privilege escalation• Credential harvesting• Active Directory attacks• Lateral movement across systems• Persistence techniques

Achieve validated SYSTEM (Windows) or root (Linux) compromise during authorized Red Team exercises.Demonstrate realistic business impact through controlled exploitation scenarios.Document attack paths and produce clear technical reports describing:

• exploitation methodology• attack chain progression• affected systems• business risk and remediation recommendations

Mandatory Technical Requirements

Candidates must demonstrate proven offensive security capability, including:

• At least 10 real OS-level shell or RCE compromises personally executed during authorized engagements.

• Experience executing multi-stage attack chains, including:

Initial accessPrivilege escalationCredential harvestingLateral movement

• Strong post-exploitation capability beyond initial shell access.

• Practical experience exploiting enterprise Active Directory environments.

Active Directory Attack Experience

Candidates must demonstrate familiarity with common enterprise AD attack paths, including:

KerberoastingAS-REP RoastingACL abuseNTLM relay attacksDCSync attacks

Understanding of privilege escalation paths within Active Directory is expected.

Post-Exploitation Capability

Strong experience performing post-exploitation activities such as:

• system enumeration• credential extraction• privilege escalation• lateral movement• persistence mechanisms

Operators must be capable of continuing exploitation after initial access is obtained.

Important Clarification

The required exploitation experience must come from authorized professional environments, including:

• enterprise penetration testing engagements• Red Team adversary simulation exercises• internal enterprise testing infrastructure

The following do NOT count toward the required exploitation experience:

HackTheBoxTryHackMeCTF challengesbasic lab environmentsCandidates must demonstrate real exploitation depth, not platform achievements.

Technical Validation Process

All candidates undergo a structured technical validation process before interviews.Initial evaluation includes:

• written technical discussion• exploit chain explanations• scenario-based technical responses

Voice or video interviews are conducted only after the technical validation stage is successfully completed.

Required Experience

Minimum 5+ years of hands-on offensive security experience, including professional work in:

• Red Team operations• enterprise penetration testing• adversary simulation engagements

Strong understanding of:

• Active Directory attack paths• Kerberos abuse techniques• privilege escalation methods• credential harvesting techniques• lateral movement strategies

Communication RequirementsStrong written and spoken English communication skills.Candidates must be able to clearly explain:

• the vulnerability exploited• how exploitation was performed• the resulting system compromise• the potential business impact

Application Requirements

Serious applicants only.Applications should include:

• descriptions of real exploitation scenarios• technical write-ups (if available)• GitHub or research links (optional)

Candidates unable to demonstrate real exploitation depth will not proceed.

How to Apply

Apply through our careers page:https://sentrabytedigitalsolusi.com/careers

or send your application to:hr@sentrabytedigitalsolusi.comBefore applying, please ensure you can clearly describe:

1. At least one exploitation scenario where you achieved OS-level shell access.2. The exact access vector used.3. The privilege level obtained.4. Post-exploitation actions performed.

Applications without technical detail will not be reviewed.