Manager Cybersecurity Red Team

ARE YOU READY TO RISE WITH PTCL GROUP

With our unwavering #ReadyToRise mindset, we have been recognized as an award-winning BEST PLACE TO WORK in the Telecom and Technology sector in Pakistan.

We are not just industry leaders; we are redefining excellence with groundbreaking solutions. PTCL Group stands out in the technology industry with its commitment to high-end innovation and leading the way in delivering integrated ICT and Cellular Network services in Pakistan, all rooted in our journey of Culture Transformation & Change Management.

PTCL Group actively cultivates an inclusive & diverse culture that values and uplifts every individual, regardless of their gender, social background, religion, belief, or disability.

PTCL Group Vision & Values:

With a clear vision to become the largest technology player and the national champion driving the digital transformation of Pakistan, PTCL Group is guided by a set of our unified core values:

· Be Resilient

· Think Big,

· Win Every Battle

· Value Success.

IN THIS ROLE YOU WILL

Lead our offensive security engineers in performing in-depth security assessments across telecom and IT infrastructures. As a Red Team Manager, you will be responsible for overseeing a team of highly skilled security professionals who simulate real-world cyberattacks to identify vulnerabilities and assess the resilience of our systems.

You will have the opportunity to influence the organization's security posture by collaborating with cross-functional teams, providing leadership and mentorship to your team, and ensuring the identification and mitigation of critical risks in both telecom and IT environments.

HOW CAN YOU EXPRESS YOUR TALENT

• Lead, mentor, and guide a team of offensive security engineers focused on telecom and IT security.
• Develop and execute a strategy for Red Team operations that aligns with the organization's security objectives.
• Ensure that security assessments are conducted in a professional, ethical, and thorough manner.
• Provide feedback, coaching, and career development for team members.
• Lead and manage Red Team exercises simulating adversarial attacks, both externally and internally, to test the effectiveness of security controls, process and people.
• Conduct risk assessments and identify potential weaknesses in IT and telecom systems, networks, applications, and devices.
• Oversee the planning, execution, and reporting of Red Team assessments and penetration tests.
• Collaborate with internal teams (e.g., IT, network operations, and telecom teams) to communicate findings and ensure proper mitigation of identified vulnerabilities.
• Ensure Red Team operations are aligned with industry best practices and emerging threat landscapes.
• Provide expert guidance on cybersecurity trends, threats, and attack vectors specific to telecom and IT systems.
• Work with senior management to define the organization's approach to proactive security, threat hunting, and vulnerability management.
• Prepare detailed reports and presentations outlining test results, findings, and actionable remediation recommendations.
• Deliver executive-level summaries of Red Team findings to stakeholders and leadership teams.
• Ensure that vulnerabilities discovered during Red Team engagements are tracked and remediated effectively.

WHAT YOU NEED TO BE SUCCESSFUL

Qualification:

• Bachelor's or Master's degree in Cybersecurity, Information Technology, Network Engineering, or a related field.
• Industry relevant certifications such as CEH, OSCP, OSCE, CRTO, CRTP, CRTE or similar Trainings & certifications.
• Relevant experience performing Penetration Testing, Offensive Security Assessments, Red/Purple Team engagements.
• 3+ years of experience in managing a team of ethical hackers, penetration testers & offensive security engineers.

In-depth understanding of leading Red Teaming frameworks e.g.

• ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge)
• Cyber Kill Chain (by Lockheed Martin)
• TIBER (Threat Intelligence-Based Ethical Red Teaming)
• CBEST (Cybersecurity Baseline Evaluation and Simulation Test)
• AASE (Adversarial Attack Simulation Exercise)

Competencies:

Offensive Security & Red Team Operations:

• Hands-on experience conducting penetration testing to identify and exploit vulnerabilities in systems, networks, and applications.
• Experience leading Red Team operations and adversary simulations, mimicking real-world attacker tactics, techniques, and procedures (TTPs).
• Strong knowledge of common attack vectors such as phishing, social engineering, web application attacks, and network exploitation techniques.
• Post-exploitation and persistence: Maintaining access after a breach, including lateral movement and privilege escalation.
• Experience in exploiting cryptographic weaknesses, including encryption cracking and man-in-the-middle (MITM) attacks.
• Proficiency in advanced command-and-control (C2) frameworks like Cobalt Strike, including creation of Aggressor Scripts and Beacon Object Files (BOFs).
• Experience in custom exploit development and modifying existing exploits to automate workflows and simulate threat actor activities.

Exploit & Network Security:

• Expertise in identifying and exploiting weaknesses in network infrastructures, including protocols and configurations.
• Proficient in web application security testing, including vulnerabilities such as SQL Injection, XSS, and CSRF, using various security testing tools.
• Experience in bypassing modern defensive controls such as EDRs, network defenses, and email filters.

Programming & Scripting:

• Strong understanding of object-oriented programming languages (e.g., C/C++, C#, Java).
• Proficiency in scripting languages (e.g., Python, PowerShell, BASH) to automate tasks and exploit vulnerabilities.

Telecom & IT Security:

• Extensive experience with telecom infrastructure security (e.g., VoIP, mobile networks, signaling, wireless technologies) and IT systems security (e.g., network security, cloud services, and endpoint security).
• In-depth knowledge of network security protocols, wireless communications, VoIP security, telecom systems, and IT security frameworks.
• Familiarity with cloud security risks, including testing of cloud platforms like AWS, Azure, and Google Cloud, and containerized or serverless environments.
• Experience with vulnerability management, incident response, and threat hunting activities.

PTCL Group's family-centric policies, offering 6-month maternity and 30-day paternity leave, along with a hybrid work model, redefine the workplace for a balanced and fulfilling career.

#ExpressYourTalent #ReadyToRise #TayyarHo