Attack & Penetration - Red Team Consultant Contract to Hire in CDMX

Centro Histórico, Mexico City, CDMX 1-Month Contract (Extensions up to 12 Months Possible) On-Site | Monday–Friday | 8:00 AM–5:00 PM Monday, December 1, 2025 USD $300 Mexican nationals only

We are seeking a Red Team Consultant to lead a full-scope offensive security engagement for a major enterprise client. The mission: assess and challenge the organization's cybersecurity posture through realistic adversary simulations, infrastructure exploitation, detection‑evasion testing, and targeted scenario execution.

You will operate in both independent and collaborative modes, supporting red team, purple team, and full-spectrum offensive assessments. This includes network, application, wireless, physical access, and social engineering operations. The environment is fast‑paced, hands‑on, and outcome‑driven—ideal for an operator who can think creatively, execute precisely, and communicate clearly.

• Intelligence-driven threat mapping and target development.

• Construction of realistic attack paths aligned to client environment and threat profile.

• Lateral movement, privilege escalation, and data exfiltration.
• Web application exploitation, command‑and‑control deployment, ransomware simulation, and web shell operations.

• Achieve defined success indicators (“flags”) and document evidence.

• Extract or alter data from critical internal services.
• Start, stop, or manipulate mission‑critical Windows/Linux services.
• Inject unauthorized transactions or commands between critical systems.
• Compromise virtualization or hypervisor infrastructure.

• Plan and execute end-to-end Red Team operations targeting internal network, infrastructure, and application layers.
• Conduct purple team exercises, vulnerability assessments, penetration tests, wireless security reviews, physical security evaluations, and social engineering engagements.
• Execute full offensive workflow: reconnaissance, intel collection, scenario development, exploitation, and post‑exploitation.
• Evaluate and challenge the client’s detection and response capabilities through stealth attack simulations.
• Produce timely, high-impact deliverables, including:
• Daily touchpoints: 10–15 minutes reviewing activities and next steps.
• Weekly progress reviews: 30–60 minutes summarizing results, blockers, and escalations.
• Deliver clear, actionable written and verbal reporting for both technical and executive stakeholders.

• Mexican citizenship is mandatory.
• Proven experience executing complex Red Team or advanced penetration testing engagements.
• Deep understanding of adversarial tactics, techniques, and procedures; expertise with offensive tooling such as Metasploit, Cobalt Strike, PowerShell, Python, Bash, and social engineering methodologies.
• Demonstrated ability to work systematically, document findings clearly, and manage tight timelines.
• Strong analytical skills with the capability to translate technical impact into business‑aligned recommendations.
• Relevant certifications (OSCP, OSCE, OSEP, CEH, etc.) are strong advantages.