- Company Name
- TC Energy
- Job Title
- Offensive Security Advisor (Red Team)
- Job Description
-
**Job Title**
Offensive Security Advisor (Red Team)
**Role Summary**
Lead the enterprise red‑team testing program to validate and strengthen security controls and incident response capabilities. Act as an adversary‑simulating defender, planning and executing dynamic attacks, collaborating with blue teams, and reporting actionable findings.
**Expectations**
- Deliver high‑quality offensive security assessments that remain compliant with engagement rules.
- Translate technical findings into clear, business‑grade recommendations.
- Continuously improve attack playbooks, tools, and processes to keep pace with evolving threats.
**Key Responsibilities**
- Conduct field‑edged reconnaissance of network environments using industry tools and threat intelligence.
- Design and execute realistic attack simulations to expose weaknesses in systems, networks, and applications.
- Exploit identified vulnerabilities to validate control effectiveness and trigger incident‑response tests.
- Partner with blue‑team partners to optimize detection, triage, and containment processes.
- Manage and maintain red‑team infrastructure and tooling pipeline.
- Engage third‑party providers to coordinate exercises and ensure alignment with organizational policies.
- Track and ensure closure of remediation actions initiated by assessments.
- Produce concise reports and executive summaries of assessment outcomes and improvement plans.
- Develop, review, and enhance red‑team procedures, templates, and frameworks.
- Act as on‑site subject‑matter expert during event response situations.
**Required Skills**
- 5+ years IT or industrial control systems experience; 3+ years in information security.
- Advanced proficiency in networking (TCP/IP, DNS, UDP, BGP), SOC, IAM, SIEM, DLP, EDR, threat intelligence, incident response.
- Mastery of manual penetration‑testing techniques, OWASP Top 10, MITRE ATT&CK, CVSS, and vulnerability exploitation.
- Ability to construct attack plans from vulnerability reports, pentest findings, and static/dynamic analysis outputs.
- Solid communication skills; translate complex technical details into stakeholder‑friendly language.
- Strong analytical, prioritization, and interpersonal skills; thrive in high‑pressure environments.
- Knowledge of information‑security standards (NIST, COBIT 5, ISO 27001) and regulatory compliance.
**Required Education & Certifications**
- Bachelor’s degree in Computer Science, Information Security, Computer Engineering, or related technical field.
- Professional certifications such as Certified Ethical Hacker (CEH), Certified Information Security Manager (CISM), or equivalent recognized credentials.