Offensive Security & Red Team

Conducting penetration testing and vulnerability assessment of web applications, APIs, and cloud infrastructure

Planning and executing red team and purple team engagements to simulate advanced threat actors

Developing custom offensive tools, exploits, and automation frameworks to improve security testing coverage

Assessing Kubernetes and containerized environment security

Evaluating cloud infrastructure security across major cloud providers

Performing code review and architecture review to identify logic flaws and design weaknesses

Conducting threat modeling sessions with engineering teams to identify attack vectors

Chaining vulnerabilities together to demonstrate realistic business impact and lateral movement

Researching emerging attack techniques and adversary tradecraft to stay current on threats

Assessing CI/CD pipeline and supply chain security

Performing endpoint security testing on macOS and Linux systems

Conducting whitebox penetration testing with full access to source code and systems

Performing manual code-level inspections to uncover complex logic errors and authorization bypasses

Integrating and operationalizing security scanning and remediation tooling

Assessing distributed microservice ecosystems and service-to-service trust boundaries

Building hardened base images and reusable security libraries across systems

Performing reverse engineering and firmware analysis on hardware and silicon components

Identifying and exploiting AI/ML-specific attack surfaces including prompt injection and model exfiltration

Testing agentic AI systems and autonomous workflows for exploitation and abuse

Identifying novel attack surfaces and conducting security research on emerging risks

Developing automated defensive strategies and regression pipelines for non-deterministic AI risks

Testing vector databases, retrieval-augmented generation architectures, and LLM pipelines

Communicating technical security findings to both technical and non-technical stakeholders

Collaborating with engineering and product teams to validate remediations and drive security fixes

Embedding security into development lifecycle and design review processes

Leading and directing offensive security teams and cross-functional security initiatives