Red Team Security Test Engineer
*Position is Bonus eligible*
Prestigious Financial Company is currently seeking a Red Team Security Test Consultant. The candidate will support the Security Red Team in increasing security posture against all threats. This individual will work with the Red Team to plan, design and execute security red team related activities. The position will interact with Cyber Defense, Security Assurance and IT teams for the duration of the engagement.
Members of the Red Team are expected to have exceptionally strong ethics and integrity and to be accountable for their actions. The Red Team must have a healthy, competitive and bar-raising relationship with the individuals who monitor and deploy preventative and detective controls.
The ideal candidate will have extensive experience in more than one of the following: Open Source Intelligence, Network Penetration Testing, Web Application Testing, Mobile Application and Device Testing, Command and Control (C2) Infrastructure Development, Cyber Defense Evasion techniques, and Social Engineering. Experience testing database servers, as well as expertise with custom scripting and automation in at least one language in which the candidate is proficient, is required. This candidate must be driven, an excellent communicator, enthusiastic, a good mentor and have the desire to stay ahead of today's emerging threats and attack techniques.
Responsibilities:
- Support in policy and procedure development, systems analysis, Information Assurance (IA) policy, vulnerability management, and risk management.
- Conduct various Red Team activities such as: Intelligence Gathering, Network/Operating System/Application Penetration Testing, Web Application Penetration Testing, Mobile Application Testing, Social Engineering, Basic Emissions/Signals Testing, Physical Security Testing, Command and Control (C2) Infrastructure Development, Cyber Defense Evasion Stealth techniques, etc.
- Conduct ad-hoc white-box penetration testing work of infrastructure that is still currently in Development, or in need of pre-Production penetration testing.
- Research and execute Cyber Defense Evasion techniques to help enhance Cyber Defense monitoring/alerting capabilities.
- Build Command and Control (C2) infrastructure, and obfuscate the C2 network traffic and payloads to avoid detection by the Cyber Defense team.
- Coordinate with IT owners to re-test and validate remediated Red Team findings.
- Execute Open Source Intelligence Collection and Analysis Techniques (OSINT); leverage available resources and develop custom tools.
- Understand vulnerabilities and develop relevant exploits/payloads for use during Red Team activities.
- Perform security risk assessment, threat analysis and threat modelling.
- Perform independent reviews of security, network, and applications.
- Plan/Design/Execute security related activities and create artifacts.
- Stay on-time, on-budget, and within scope of testing activities.
- Develop clear detailed reports and recommendations based on concrete evidence.
- Debrief users and provide remediation strategy on findings.
- Ensure alignment of security controls in testing program and supporting services and related policies and procedures with applicable regulations and industry standard best practices.
- Assist management with the improvement of policies and procedures to support Security Testing and Red Team activities as well as other security duties which may arise.
- Participate in developing a security roadmap, adopt security best practices, and implement new ideas and innovations according to the industry trends.
- Adhere to the best practices and work for delivering secured and quality products.
- Consult with technical experts and system owners on all aspects of Information Security and Compliance.
- Work closely with Production Support staff, Incident Response, and IT infrastructure to increase organizational security posture.
- Participate in Lessons Learned process to provide information to help improve practices, methodologies, tools, and other technologies.
- Stay current on emerging technology trends and the threat landscape.
- Advise IT on current and emerging threats, their attack vectors, and how to mitigate them.
Qualifications:
- BS in Computer Science, Information Management, Information Security or other comparable technical degree from an accredited college/university desired.
- 3+ years' experience of penetration testing.
- 5+ years' experience in an Information Assurance or Information Security environment.
- Strong proficiency in Network, Web Application, and Mobile Device security testing.
- Demonstrated exploit, payload, and attack framework development experience.
- Strong knowledge of EDR detection capabilities such as CrowdStrike/Carbon Black, etc. and associated defense evasion techniques for behavioral based alerting.
- Strong proficiency in social engineering and intelligence gathering.
- Strong experience with custom scripting (Python, PowerShell, Bash, etc.) and process automation.
- Strong experience with database security testing (MSSQL, DB2, MySQL, etc.).
- Strong proficiency with common penetration testing tools (Kali, Armitage).
Reference: 2808652166
Posted on Aug 13, 2024 by Request Technology - Craig Johnson