Senior Red Team Analyst

Foundation Risk Partners, one of the fastest growing insurance brokerage and consulting firms in the US, is adding a Senior Red Team Analyst to their team.

This role is fully remote with travel once a quarter to the office in Longwood, FL.

Job Summary:

The Red Team Analyst is responsible for conducting adversary simulation and offensive security testing to evaluate the effectiveness of the organization’s people, processes, and technology against real‑world threats. This role emulates advanced threat actors using recognized frameworks such as MITRE ATT&CK, with the goal of identifying control gaps, detection blind spots, and response inefficiencies.

This role works independently from day‑to‑day the Blue Team (Security Operations and Security Engineering) partners closely GRC, and executive leadership to provide objective, evidence‑based assessments that drive continuous improvement in the organization’s security posture.

Essential Functions:

• Adversary Simulation & Red Team Operations
  • Design and execute red team exercises, including assumed breach, black box, gray box, and purple team–assisted scenarios.
  • Emulate realistic threat actor behavior across the kill chain, including reconnaissance, initial access, persistence, privilege escalation, lateral movement, command and control, and exfiltration.
  • Develop and maintain custom attack techniques and tooling aligned to evolving threat intelligence and MITRE ATT&CK techniques.
  • Conduct phishing, social engineering, and identity centric attack simulations where authorized.
• Detection & Control Validation
  • Test the effectiveness of preventative, detective, and responsive controls across endpoints, identity, email, network, and cloud environments.
  • Identify detection gaps and false negatives in security tooling, such as SIEM, XDR, EDR, and identity protection platforms.
  • Produce measurable outcomes on time to detect (TTD) and time to respond (TTR) to inform operational maturity.
• Purple Team Collaboration
  • Partner with Blue Team to safely validate detections during controlled exercises.
  • Translate offensive findings into actionable defensive improvements, including detection engineering use cases
  • Participate in post exercise debriefs and lessons learned sessions.
• Reporting & Executive Communication
  • Produce clear, defensible reports detailing attack paths, findings, blast radius, and business impact.
  • Map findings to MITRE ATT&CK, NIST CSF, and internal control frameworks to support audit and risk management activities.
  • Present results to technical teams and executive leadership in a way that balances realism with risk context.
• Continuous Improvement
  • Track remediation progress and validate corrective actions through targeted retesting.
  • Stay current on emerging threats, red team tooling, and adversary tradecraft.
  • Contribute to the organization’s offensive security roadmap and annual testing strategy.

Qualifications:

• 3–7+ years of experience in offensive security, penetration testing, red teaming, or advanced security engineering.
• Strong understanding of Windows, Active Directory, Entra ID, Azure, Microsoft 365, and cloud identity attack paths.
• Hands‑on experience with red team and offensive tools (e.g., C2 frameworks, custom payloads, phishing infrastructure).
• Deep familiarity with the MITRE ATT&CK framework and threat‑actor–driven testing methodologies.
• Ability to write clear, high‑quality technical reports suitable for auditors and executives.

Preferred Qualifications:

• Experience operating in Microsoft Defender, Sentinel, and XDR‑centric environments.
• Prior experience supporting SOC 2 Type II, ISO 27001, or similar regulatory and audit programs.
• Red team or offensive security certifications such as: o CRTO / CRTO II o OSCP / OSEP / OSED o GWAPT / GXPN.
• Background in detection engineering, purple teaming, or incident response.

Key Skills & Competencies:

• Adversary mindset with strong ethical grounding.
• Excellent documentation and communication skills.
• Strong scripting or programming capability (PowerShell, Python, C#, etc.).
• Ability to work independently with minimal supervision.
• High degree of professionalism when handling sensitive access and findings.