Cyber Threat Investigator

India, Telangana, Hyderabad

Full-time

Posted on: 4 days ago

Red Team Analyst (Investigation & Social Engineering)

Company: Ayurak
Department: Corporate Resilience / Offensive Operations

Role Summary

As a Red Team Analyst, you are a tactical specialist responsible for identifying and exploiting non-technical vulnerabilities within Ayurak’s corporate infrastructure. Your primary objective is to investigate high-value targets (personnel and data flows) and execute controlled social engineering "sabotage" to verify that our proprietary medical device data and NIH-related protocols cannot be compromised by human error or deceptive practices.

Key Responsibilities

1. Tactical Investigation & Reconnaissance
  • OSINT Execution: Perform deep-dive research into corporate hierarchies, identifying administrative staff or third-party contractors with access to "The Synapse."
  • Log & Metadata Auditing: Analyze system outputs (like the index-DO0uonIm.js logs) to find patterns in user behavior or recurring system errors that can be used as a "hook" for a social engineering pretext.
  • Target Profiling: Build dossiers on internal departments to understand their standard operating procedures for "Medical Devices" and "Procedures" to ensure your impersonation is flawless.

2. Social Engineering Execution (The "Sabotage")
  • Pretexting: Execute "Vishing" (voice) and "Smishing" (SMS) campaigns to manipulate staff into bypassing security prompts during a simulated "WebSocket connection drop."
  • Baiting & Infiltration: Deploy "sabotaged" internal documents—such as a fake "NIH Compliance Update"—to track how many analysts click unauthorized links or provide credentials.
  • Physical/Digital Blending: Test if an office or a secure digital session can be accessed by exploiting the "distraction" caused by a triggered 422 Unprocessable Entity error on the booking platform.

3. Data Analysis & Vulnerability Mapping
  • Kill-Chain Documentation: Map out the exact steps taken to achieve a "successful sabotage," from initial investigation to data exfiltration.
  • Failure Analysis: Report on which "Human API" elements failed (e.g., a staff member providing a password reset over the phone without verification).

Technical Stack & Competencies

Skill Set - Tools & Tactics

  • Investigation: Maltego, Sherlock, SpiderFoot, and manual Google Dorks for NIH/Medical registries.
  • Deception: Social-Engineer Toolkit (SET), GoPhish, and specialized VoIP spoofing tools.
  • Analysis: Proficiency in reading browser console logs and understanding API response codes (4xx/5xx).
  • Communication: Elite-level rapport building and psychological manipulation techniques (NLP, elicitation).

Candidate Profile: "The Shadow Analyst"
  • Detail Oriented: You notice that a 422 error happens specifically at line 187 of the JS file and use that specific detail to sound like a "Support Tech" when calling a target.
  • Adaptable: You can switch personas from a "Medical Device Technician" to an "Internal Audit Associate" in seconds.
  • Methodical: You follow a strict investigative framework to ensure all "sabotage" is controlled, ethical, and documented for the defense team.

Why this role is critical at Ayurak

Code can be patched, but human nature is constant. As an Analyst, you find the "bugs" in our people and processes before an adversary turns them into a breach.