T&T | Cyber: D&R I Red Teaming | Assistant Manager I Mumbai

Your potential, unleashed.India’s impact on the global economy has increased at an exponential rate and Deloitte presents an opportunity to unleash and realise your potential amongst cutting edge leaders, and organisations shaping the future of the region, and indeed, the world beyond.At Deloitte, your whole self to work, every day. Combine that with our drive to propel with purpose and you have the perfect playground to collaborate, innovate, grow, and make an impact that matters.The teamDeloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilient—not only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risksYour work profileWe are looking for Pen Testers and Red Teamers in our Cyber Team. As part of your work profile, you’ll build and nurture positive working relationships with teams and clients with the intention to exceed client expectations: -Key Responsibilities:- Plan and execute Red Team engagements simulating realistic threat actor scenarios (external, internal, and physical). - Conduct assumed breach assessments, initial access simulations, lateral movement, and exfiltration exercises. - Leverage MITRE ATT&CK framework to design threat scenarios and map findings. - Exploit misconfigurations and vulnerabilities in Active Directory, cloud environments, and enterprise infrastructure. - Use and integrate CART/BAS tools like Cymulate, Pycus, or similar platforms to automate and validate security posture. - Work with Blue Teams to measure detection, prevention, and response capabilities post-engagement. - Develop comprehensive reports with actionable remediation recommendations. - Conduct threat emulation based on industry-specific APT groups relevant to the BFSI sector. - Stay updated on emerging threats, attack techniques, and countermeasures. - Support internal and client-facing security awareness, purple teaming, and tabletop exercises.Required Skills & Experience:- Minimum 3 years of hands-on experience in offensive security / red teaming roles. - Proficient in TTPs for Red Team operations, including phishing, C2 infrastructure, evasion techniques, privilege escalation, and data exfiltration. - In-depth understanding of Windows internals, Active Directory attacks (Kerberoasting, Pass-the-Hash/Ticket, ACL abuse, DCShadow, etc.). - Solid understanding of network protocols, cloud platforms, and endpoint security bypass techniques. - Familiarity with attack simulation tools, custom scripting, and open-source frameworks (Cobalt Strike, Metasploit, Empire, Covenant, etc.). - Experience in physical security assessments, badge cloning, RFID/NFC exploitation, and social engineering (preferred). - Strong knowledge of MITRE ATT&CK, NIST , and equivalent frameworks. - Ability to document findings, map them to risk frameworks, and present to both technical and executive stakeholders. - Tools Exposure: Cymulate, Pycus, or other CART/BAS platforms.Preferred Qualifications:- CRTP, OSCP, OSCP++, CRTE, CRTM- Any of them are mandatory. - Prior experience in BFSI sector engagements. - Understanding of compliance and regulatory requirements in financial institutions (e.g., RBI, SEBI, ISO 27001).Desired Education :- B.Tech/M.Tech/ Bachelor's Degree

Apply Now