Lead Red Team Penetration Tester (Remote)

Lead Red Team Penetration Tester

Salary: starting at $160k + bonus

Location: 100% Remote

*We are unable to provide sponsorship for this role*

Qualifications

• BS in Computer Science, Information Management, Information Security, or comparable
• 8+ Years' experience penetration testing.
• 10+ Years' experience in Information Assurance or Information Security environment.
• Certificates or Licenses preferred.
• Strong proficiency in network, application, emissions and physical security.
• Strong proficiency in social engineering and intelligence gathering.
• Strong experience with custom Scripting (python, powershell, bash, etc.) and process automation.
• Strong experience with database security testing (MSSQL, DB2, MySQL, etc.).
• Strong proficiency with common penetration testing tools (Kali, Armitage, Metasploit, Cobalt Strike, Nmap, Qualys, Nessus, Burp Suite, Wireshark, Recon-NG, Netsparker, Ettercap/Bettercap, Hashcat, Bloodhound, Ida Pro, Ghidra, Sublist3r, Rubeus, Mimikatz, CrackMapExec, Exploitdb, Yersinia, Impacket, etc.).
• Experience with Mainframes, Windows, Unix, MacOS, Cisco, platforms and controls.
• Proficient in creating content with Microsoft Office (Word, Excel, PowerPoint, Visio).
• Proficient in basic document management in a Microsoft SharePoint environment.
• Experience with dedicated document management tools (eg, DMS, PolicyTech) a plus.
• Experience with using ServiceNow a plus.

Responsibilities

• Execute Red Team simulations based on organizationally defined threat scenarios with strict adherence to the agreed-upon rules of engagement.
• Conduct various Red Team activities such as: Intelligence Gathering, Network/Operating System/Application Penetration Testing, Web Application Penetration Testing, Mobile Application Testing, Social Engineering, Basic Emissions/Signals Testing, Physical Security Testing, etc.
• Execute Open Source Intelligence Collection and Analysis Techniques (OSINT); leverage available resources and develop custom tools.
• Understand vulnerabilities and develop relevant exploits/payloads for use during Red Team activities.
• Perform security risk assessment, threat analysis and threat modelling.
• Perform independent reviews of company security, network, and applications.
• Plan/Design/Execute security related activities and create artifacts.
• Stay on-time, on-budget, and within scope of testing activities.
• Develop clear detailed reports and recommendations based on concrete evidence.
• Debrief users and provide remediation strategy on findings.