Security Consultant - Red Teaming/VAPT

About Gruve

Gruve is an innovative software services startup dedicated to transforming enterprises to AI powerhouses. We specialize in cybersecurity, customer experience, cloud infrastructure, and advanced technologies such as Large Language Models (LLMs). Our mission is to assist our customers in their business strategies utilizing their data to make more intelligent decisions. As a well-funded early-stage startup, Gruve offers a dynamic environment with strong customer and partner networks.

About The Role

We are seeking a skilled and passionate Red Team Security Consultant to join our cybersecurity team. The ideal candidate will specialize in simulating adversarial tactics, techniques, and procedures (TTPs) to identify vulnerabilities and improve the organization's security posture. This role involves performing advanced penetration tests, simulating real-world attacks, and working with teams to implement effective remediation strategies

Key Responsibilities

• Plan, execute, and document Red Team exercises mimicking advanced threat actors for medium to large enterprises. Conduct network penetration testing (VAPT), system vulnerability assessments, and security configuration reviews.
• Perform manual security assessments for web applications, APIs, and client-server applications.
• Simulate sophisticated attack chains including lateral movement, privilege escalation, and data exfiltration.
• Develop and execute custom attack payloads using tools and scripts.
• Assess physical security controls and implement social engineering assessments when required.
• Create and maintain custom tools/scripts in languages like Python, Bash, or PowerShell.
• Utilize and adapt adversary emulation frameworks such as MITRE ATT&CK, Cobalt Strike, and Metasploit.
• Collaborate with Blue Teams to improve detection and response mechanisms through Purple Team engagements.
  
  

Basic Qualifications

• Education: BE/B. Tech/ MCA/ M. Sc. (IT/Computers)
• Experience: Required: 2 - 5 years.
• Excellent communication and collaboration skills.
  
  

Preferred Qualifications

• Preferred Certifications: OSCP, OSCE, CRTP, eWPTX, Security+, CREST, CRTO.
• Desired Skill Set: Red Teaming, VAPT, Application Security (Web/Mobile/API).
• 2-5 years of relevant domain experience in VAPT, Red Teaming, and Application Security domains.
• Proficient in Application Security concepts, including OWASP Top 10 and OSSTMM.
• Experience with vulnerability scanning tools such as BurpSuite Pro, Nessus, OWASP ZAP, Kali Linux, Cobalt Strike, Caldera etc.
• Basic ability to write automation scripts (Bash or Python).
• Understanding of threat modeling and secure coding practices.
• Strong understanding of TTPs, threat modeling, and secure coding practices.
• Hands-on experience in Active Directory exploitation, phishing campaigns, and endpoint bypass techniques.‍
  
  

Why Gruve

At Gruve, we foster a culture of innovation, collaboration, and continuous learning. We are committed to building a diverse and inclusive workplace where everyone can thrive and contribute their best work. If you’re passionate about technology and eager to make an impact, we’d love to hear from you.

Gruve is an equal opportunity employer. We welcome applicants from all backgrounds and thank all who apply; however, only those selected for an interview will be contacted.