This Job Vacancy has Expired!

Associate Principal, Red Team

Posted on Jul 7, 2022 by Request Technology

Dallas, TX 75201
IT
Immediate Start
$140k - $170k Annual
Full-Time

*We are unable to sponsor as this is a permanent full time role*

A prestigious financial firm is on the search for an Associate Principal, Security Red Team. This role is revolved around Red Team security, network/application penetration testing, security testing, using a multitude of penetration testing tools, Scripting with Python or Powershell, etc.

Responsibilities:

  • Execute Red Team simulations based on organizationally defined threat scenarios with strict adherence to the agreed-upon rules of engagement.
  • Conduct various Red Team activities such as: Intelligence Gathering, Network/Operating System/Application Penetration Testing, Web Application Penetration Testing, Mobile Application Testing, Social Engineering, Basic Emissions/Signals Testing, Physical Security Testing, etc.
  • Execute Open Source Intelligence Collection and Analysis Techniques (OSINT); leverage available resources and develop custom tools.
  • Understand vulnerabilities and develop relevant exploits/payloads for use during Red Team activities.
  • Perform security risk assessment, threat analysis and threat modelling.
  • Assist management with the improvement of policies and procedures to support Security Testing and Red Team activities as well as other security duties which may arise.
  • Adhere to the best practices and work for delivering secured and quality products.
  • Supports and successfully completes Audits.
  • Advise IT on current and emerging threats, their attack vectors, and how to mitigate them.
  • Train Full time and contingent Security Testing Red Team personnel.
  • Support Security Red Team management and activities and be a team player.

Qualifications:

  • Excellent focused domain areas of expertise as well as a good breadth of experience across Network/Application Penetration Testing, Web Application Penetration Testing, Mobile Application Penetration Testing, Social Engineering and Open Source Intelligence, Basic Emissions Testing, Physical Security Testing, and more.
  • Good applicable knowledge of policy and procedure development, systems analysis, Information Assurance (IA) policy, vulnerability management, and risk management
  • Good understanding of regulatory standards including CSF, NIST, PCI, SSAE 16, SAS 70, HIPPA, FIPS 199, COBIT 5 and others as needed.
  • Strong knowledge of cryptography (symmetric, asymmetric, hashing) and its various applications.
  • Strong proficiency in network, application, emissions and physical security.
  • Strong proficiency in social engineering and intelligence gathering.
  • Strong experience with custom Scripting (python, powershell, bash, etc.) and process automation.
  • Strong experience with database security testing (MSSQL, DB2, MySQL, etc.).
  • Strong proficiency with common penetration testing tools (Kali, Armitage, Metasploit, Cobalt Strike, Nmap, Qualys, Nessus, Burp Suite, Wireshark, Recon-NG, Netsparker, Ettercap/Bettercap, Hashcat, Bloodhound, Ida Pro, Ghidra, Sublist3r, Rubeus, Mimikatz, CrackMapExec, Exploitdb, Yersinia, Impacket, etc.).
  • Experience with Mainframes, Windows, Unix, MacOS, Cisco, platforms and controls.
  • Proficient in creating content with Microsoft Office (Word, Excel, PowerPoint, Visio).
  • Proficient in basic document management in a Microsoft SharePoint environment.
  • Experience with dedicated document management tools (eg, DMS, PolicyTech) a plus.
  • Experience with using ServiceNow a plus.
  • BS in Computer Science, Information Management, Information Security or other comparable technical degree from an accredited college/university desired.
  • 3+ Years' experience penetration testing.
  • 5+ Years' experience in Information Assurance or Information Security environment.
  • Security-related certifications (CISSP, CISA, CRISK, ISSAP, GSLC, OSCP, OSCE, GPEN, or GXPN, etc.) highly desired.

Reference: 1658677322

Set up alerts to get notified of new vacancies.