Tech Stack

Description

You will lead the Adversary Emulation Program at Rubrik Zero Labs, researching real-world cyber threats and translating adversary behaviors into automated attack playbooks. Your work enables enterprises to safely simulate cyber-attacks in isolated environments to prove recovery readiness.

Requirements

• 12+ years in Red Teaming, Threat Emulation, or Malware Analysis
• Expert-level proficiency in Ansible and Python for infrastructure-as-code and attack orchestration
• Deep understanding of OS internals (Windows/Linux), Database structures, and Cloud Identity providers
• Proven experience building offensive tools in production-adjacent environments with strict safety requirements
• Preferred: OSCP, OSCE, GCIH, GCFA, or AWS Security certifications

Responsibilities

• Analyze real-world ransomware, wiper-ware, and insider threat TTPs across VMware, SQL, Azure, AWS, M365
• Design and author automated attack logic using Ansible, Python, and YAML
• Create Scenario Manifests defining blast radius, risk level, and success criteria
• Develop Circuit Breaker logic to ensure simulations stay within isolated recovery environments
• Map simulations to MITRE ATT&CK framework and Rubrik-specific recovery checkpoints