10 days ago

Senior Red Team Engineer

Allstate

Hybrid
Full Time
$180,000

Job Overview

Job Title: Senior Red Team Engineer
Job Type: Full Time
Category: Commerce
Experience: 5 Years
Degree: Master
Offered Salary: $180,000
Location: Hybrid

Job Description

About Allstate

At Allstate, great things happen when our people work together to protect families and their belongings from life’s uncertainties. For more than 90 years, our innovative drive has kept us a step ahead of our customers’ evolving needs, from advocating for seat belts and air bags to being an industry leader in pricing sophistication, telematics, and more recently, device and identity protection.

Role Overview: Senior Red Team Engineer

As a Senior Red Team Engineer at Allstate, you will plan and lead stealthy, objective-based adversary emulation across both enterprise and cloud environments. Your primary goal will be to validate our defenses against real-world threats. You will play a crucial role in shaping the red team’s strategy and roadmap, collaborating closely with detection engineering and incident response teams (purple teaming), mentoring junior operators, and translating complex technical risks into clear, actionable recommendations for senior leadership.

What You’ll Do

  • Lead comprehensive red team operations, from initial scoping to data exfiltration, including stealthy, multi-stage attack simulations across enterprise environments while strictly adhering to rules of engagement.
  • Design advanced adversary emulation scenarios informed by current threat intelligence and the MITRE ATT&CK framework.
  • Operate within complex enterprise stacks, conducting exploitation of systems, networks, Active Directory, and cloud infrastructure, always focusing on realistic threat behaviors.
  • Identify critical gaps in existing detection, prevention, and response mechanisms, then collaborate effectively with security engineering and detection teams to implement solutions.
  • Develop custom tooling and payloads specifically designed to evade security controls and simulate advanced threat capabilities.
  • Manage the necessary infrastructure required to conduct effective red team operations.
  • Mentor other red team operators and actively contribute to internal training programs, tool development initiatives, and continuous process improvement.
  • Produce detailed reports and deliver compelling presentations of findings to both technical and executive stakeholders, translating technical risk into actionable insights that drive remediation decisions.

What You’ll Bring (Minimum Qualifications)

  • 6+ years of hands-on experience in offensive security, with at least 2 years specifically leading or co-leading objective-based red team operations.
  • A deep understanding of enterprise environments, including Windows, Linux, Active Directory, and cloud platforms (Azure, AWS, GCP), alongside common misconfigurations and attack paths.
  • Advanced proficiency with leading offensive tools and frameworks such as Cobalt Strike, Mythic, BloodHound, SharpHound, Mimikatz, and PowerShell Empire, coupled with the ability to write or modify tooling for OPSEC and EDR evasion.
  • Strong capability to develop or customize attack tooling using languages like Python, PowerShell, C#, and Bash.
  • Comprehensive understanding of modern security controls, including EDR, MFA, network segmentation, and robust logging practices.
  • Expert application of the MITRE ATT&CK framework for strategic planning, precise execution, and detailed reporting of red team activities.
  • Excellent communication skills, demonstrated by the ability to craft clear, concise, technically deep reports and executive-level narratives that effectively drive decisions and remediation efforts.

Preferred Qualifications

  • Documented contributions to the broader security community, such as original research, tool development, conference talks, or security blogs.
  • Relevant certifications, including OSEP, OSCP, CRTO, OSCE, or GXPN, are highly valued but are not strictly required.
  • A 4-year Bachelor's Degree is preferred but not required; an equivalent combination of education and experience may be considered.
  • 6 or more years of overall experience is preferred.

Key skills/competency

  • Red Teaming
  • Adversary Emulation
  • Offensive Security
  • MITRE ATT&CK
  • Cloud Security
  • Active Directory
  • Python Programming
  • EDR Evasion
  • Penetration Testing
  • Risk Assessment

Tags:

Senior Red Team Engineer
Adversary Emulation
Offensive Security
Penetration Testing
Threat Hunting
Incident Response
Security Engineering
Risk Management
Security Architecture
Tool Development
Leadership
Cobalt Strike
MITRE ATT&CK
Active Directory
Azure
AWS
Python
PowerShell
C#
Linux
Windows
EDR

How to Get Hired at Allstate

  • Research Allstate's culture: Study their mission, values, recent news, and employee testimonials on LinkedIn and Glassdoor.
  • Tailor your resume for offensive security: Highlight your experience in red teaming, adversary emulation, and specific tools like Cobalt Strike or BloodHound, aligning with Allstate's security needs.
  • Showcase your technical expertise: Prepare to discuss complex attack chains, EDR evasion techniques, and custom tooling development with specific examples from your career.
  • Demonstrate MITRE ATT&CK proficiency: Be ready to explain how you leverage the framework for planning, execution, and reporting in real-world scenarios at Allstate.
  • Network within the industry: Connect with Allstate employees and security professionals on LinkedIn to gain insights and potential referrals for the Senior Red Team Engineer role.
