Red vs Blue Team Jobs

No, not the classic Halo video series.

In this section we are going to talk about the different jobs that are out there, just briefly enough to pique your interest and give you context for future lessons, and then I will move on. This is in no way an attempt to provide a full list of jobs that are available.

Red Team

In this simplified world of ours, Red Team means offense and Blue means defense. Well, I'll say this one up front: Everyone wants to be red team, but there aren't any jobs for it... because it is fun as hell. Plus, you should know how to defend first because otherwise how the hell will you know what you are hiding from. (Oh I know this section will piss people off)


The most pure form of offense, somebody gives you a tool, a target, and you put hands on keyboard. Basically no legal jobs exist for this outside of the government.

Network Penetration Tester (Pentester)

It's like being an operator, but instead of hacking a target, you're paid to focus on a specific organization during what is a called a "pentest"to identify their assets, attack them, and write a report on your findings. It's like hacking, if you spent the entire time writing documentation.

Physical Penetration Tester

Like being a network pentester but you try to break into buildings, and usually it involves a lot of lying (which you call "social engineering" because you're a professional).

Web Application Pentester

It's like being a network pentester, but you look exclusively for vulnerabilities in webapps and attempt to prove impact. Then you write it up and give the exploits and bugs to whoever is paying you. If no one is paying you, then you can try to do the bug bounty thing and compete with everyone else on the internet.

Tool Developer

The people who build the tools required for operators and pentesters to do their jobs. For the most part, these people work for pentest companies and release their tools as content marketing for everyone else to use.

Exploit Developer

The people who write exploits on various pieces of software and then distribute working exploits to operators, pentesters, and often the company or software project itself so they can fix the bugs.


This is where all the hard work is, where the free world is protected, and the money gets made. Yes, this is where the vast majority of the jobs are. Plus it's way more fun to work at the top of your field legally. Red just LARPs being operators.

SysAdmins, Helpdesk, and Network Engineers

This is the front line of defense, and possibly the most important one. Anyone in these roles is in a security job, whether they want to or not.

Security Engineer

These are the people who attempt to architect the network, systems, and policies so that attackers have a harder time stealing everything.

Security Analyst

The people who look at logs and alerts and defend the network from attackers, 24/7. This is where most of the jobs are and what you should focus on.

Incident Response (IR)

These are the people who the security analysts call when they've detected a breach and need to respond to it.

Digital Forensic Analyst

Often combined with Incident Response in the acronym DFIR, these are the people the IR folks call when they need to find out what happened on a network at some point in the past.

Malware Analyst

These are the people who spend their time reverse engineering malware samples that the other analysts find.

Threat Analyst / Threat Intel

These are the people who provide actionable intelligence to everyone else on what the bad guys are doing.

Auditing and Compliance/Governance and Policy

These are the people who ensure that the security engineers are doing the right things

Identity and Access Management

These are the people who ensure that the right people are logging in to the right places securely. In a big company, this is absolutely critical.

Secure Development

While more of a subset of development, some developers are exclusively focused on making secure software, using specific processes, tools, and sometimes dedicated hardware. If every developer was an expert in secure development there'd be a lot less jobs for all the people listed above.

Tool Developer

The people who write the tools required for everyone else to do their jobs.

Alright, hopefully I didn't piss anyone off too bad with this rundown. I'll be referencing these individuals as I go forward and talk about different common attacks.

Last modified: Sunday, 20 June 2021, 10:20 AM