Red Teamer
Long campaigns, adversary emulation, AD chains, evasion against modern EDR.
Tiny market, brutal bar, mythologised everywhere. A real seat if you've already done the years, a fantasy if you're aiming at it as a first security job.
- You've got serious pentest, malware or detection-engineering background already
- You think in objectives and TTPs, not vulnerabilities and CVSS scores
- You can write tooling that survives contact with a competent blue team
- You're comfortable working alone for weeks before you have anything to show
- You haven't yet done two years of pentest or equivalent offensive work
- You want fast feedback loops; red-team engagements move in months
- You'd struggle with operating quietly and never getting public credit
- You build, lose, and rebuild infrastructure without breaking stride
- Your TTPs evolve with the target; you don't run the same playbook twice
- Blue teams find your work hard to detect even when they're warned in advance
- You can defend every operational decision in a post-engagement debrief
The job is mostly preparation and patience. For every week of exciting operational work there are six weeks of infrastructure prep, recon, tooling, scoping and reporting. Most people who chase the role bounce off the prep, not the ops. Pay is good but not extraordinary outside FAANG and elite consultancies, and the career ceiling inside red team itself is low. Plan an exit into adversary simulation leadership, research, or detection before you take the seat.
Tradeoffs at a glance
Ratings are directional, not absolute.
Promotion ceiling
High at senior IC; small market, mostly large enterprises and gov.
- + Pentester
- + Malware analyst
- + Offensive consultant
- − That it's the natural next step from pentest, different skillset entirely.
Where this leads
- Adversary Emulation
- Tooling / C2 dev
- Detection (purple)
Certifications people pair with this
Listed because the graph connects them to this role, not because you need all of them. Most practitioners pick one or two.
Pathways that pass through here
The serious next step
You've read about the role. The harder question is whether it's the right one for you.
A Career Verdict is the written, practitioner-authored call on your specific route into and out of this role. Six primitives, same format every time.
Built on POST's practitioner-authored assessment framework, calibrated by James from twenty years across helpdesk, infrastructure and security. Framework is human-authored; the verdict applies it to your inputs.