Cybersecurity Analyst
Eastman · Hyderabad, Telangana, India
Chemical Manufacturing · 10,001+ employees
About the role
The role involves simulating real-world cyberattacks through penetration testing and social engineering to identify and exploit vulnerabilities. The specialist will document findings and collaborate with engineering teams to implement remediation strategies.
What they look for
Requirements
Candidates need a bachelor's degree or equivalent experience with hands-on expertise in offensive security and red teaming. Proficiency in scripting languages and a strong understanding of network and application security are required.
Full description
Founded in 1920, Eastman is a global specialty materials company that produces a broad range of products found in items people use every day. With the purpose of enhancing the quality of life in a material way, Eastman works with customers to deliver innovative products and solutions while maintaining a commitment to safety and sustainability. The company’s innovation-driven growth model takes advantage of world-class technology platforms, deep customer engagement, and differentiated application development to grow its leading positions in attractive end markets such as transportation, building and construction, and consumables. As a globally inclusive company, Eastman employs approximately 13,000 people around the world and serves customers in more than 100 countries. The company had 2025 revenue of approximately $8.8 billion and is headquartered in Kingsport, Tennessee, USA. For more information, visit www.eastman.com.
Role Description
The Red Team Security Specialist simulates real-world cyberattacks to evaluate and improve an organization’s security posture. This role focuses on identifying vulnerabilities in systems, networks, applications, and human processes by ethically exploiting them helping organizations strengthen defenses proactively.
Key Responsibilities:
- Conduct penetration testing on networks, applications, APIs, cloud environments, and endpoints to uncover exploitable vulnerabilities and validate security controls. Each engagement should include scoping, threat modelling, exploitation where permitted, and clear evidence of impact.
- Perform social engineering exercises (phishing, vishing, pretexting, physical social engineering where allowed) to evaluate human and process risk while following legal and organizational approval processes. All social engineering must be carefully scoped, authorized, and documented.
- Apply strong knowledge of network architecture, protocols, segmentation, firewalls, VPNs, routing, and switching to assess network security posture and identify potential attack paths.
- Use scripting and programming skills to automate testing, build custom tools, support exploit validation, and improve pentesting efficiency.
- Simulate advanced threat scenarios and full-scale red team engagements to evaluate detection, response, and resilience.
- Identify security weaknesses using a mix of manual testing and automated tools, validating findings to reduce false positives and demonstrate real attack ability. Prioritize risky findings by exploitability and business impact.
- Plan and conduct full-scale red team engagements across enterprise environments, coordinating with stakeholders, managing timelines, and adapting to live defensive responses. Maintain operational discipline and proper approvals throughout engagements.
- Chain vulnerabilities to demonstrate realistic attack paths and business impact.
- Document findings with detailed technical notes, reproducible steps, screenshots/log excerpts, and a business-impact analysis that quantifies risk to systems, data, or operations. Ensure reports are clear for both technical remediation teams and executive stakeholders.
- Provide prioritized remediation recommendations and pragmatic mitigation strategies, including short-term compensating controls and longer-term fixes. Work with engineering teams to clarify fixes and re-test where necessary.
- Present results and remediation plans to technical teams, incident response, and senior leadership, tailoring the depth and emphasis to each audience and supporting follow-up action and verification.
Basic Qualifications:
- Bachelor's degree or equivalent work experience or certifications.
- Hands-on experience in red teaming, penetration testing, or offensive security.
- Strong understanding of web, network, API, cloud, and endpoint security testing.
- Good programming and scripting skills for pentesting, ideally in Python, PowerShell, Bash, or JavaScript.
- Strong offensive security fundamentals, including network protocols, common application vulnerabilities, privilege escalation, lateral movement, and persistence, with the ability to understand attack chains at a high level.
- Familiarity with exploit validation, vulnerability chaining, and adversary simulation.
- Strong reporting, communication, and stakeholder management skills.
- High ethical standards and ability to work within approved rules of engagement.
- Experience performing social engineering assessments with proper legal, ethical, and organizational controls; knowledge of safe phishing frameworks and enterprise campaign tooling.
Eastman Chemical Company is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity, national origin, disability, pregnancy, veteran status or any other protected classes as designated by law.
Eastman is committed to creating a highly engaged workforce, where everyone can contribute to their fullest potential each day.