Offensive Security & Red Team

Planning and executing red team and purple team engagements against complex infrastructure and applications

Conducting penetration testing across web applications, APIs, mobile clients, and cloud infrastructure

Developing custom offensive tools, exploits, and automation frameworks

Conducting threat modeling sessions with engineering teams to identify attack vectors

Assessing cloud security across multiple platforms including AWS, GCP, and Azure

Simulating sophisticated adversary tactics and chaining vulnerabilities to demonstrate business impact

Researching emerging attack techniques and adversary tradecraft

Performing whitebox code review and vulnerability analysis to identify logic flaws and authorization bypasses

Evaluating Kubernetes and container security in production environments

Testing endpoint security on macOS and Linux systems

Assessing CI/CD pipeline security and supply chain integrity

Building secure-by-design systems and embedding security into development lifecycle

Developing and maintaining security tooling and hardened base configurations

Performing network penetration testing and lateral movement exploitation

Performing mobile security testing on iOS and Android platforms

Reverse engineering firmware, bootloader images, and hardware components

Testing hardware-software interactions and secure boot processes

Identifying and exploiting AI/ML-specific attack surfaces including prompt injection, model exfiltration, and agent abuse

Testing AI-integrated and LLM-powered applications for unique security vulnerabilities

Identifying novel attack surfaces in distributed AI systems and agentic workflows

Automating security testing and developing regression pipelines for vulnerability detection

Researching LLM misuse scenarios and developing forward-looking defensive strategies

Writing clear, actionable security findings for both technical and executive audiences

Collaborating with defensive security and engineering teams to validate and remediate findings

Influencing security strategy and launch criteria through attacker perspective insights

Triaging vulnerabilities and coordinating remediation across internal and external teams

Operating with technical depth as a player-coach, managing teams and individual execution