Senior Penetration Testing – Red Team

Role Overview

• Find new and creative ways to break technology through either Red Team or Purple Team operations
• Plan, scope, and implement large scale covert operations that have sophisticated goals and significant impact
• Develop new adversary tools, techniques, or methodologies
• Threat Hunting opportunities to partner with the teams Threat Hunters, using our special adversarial talents to discover and eradicate threats
• Engagement in all phases of Red Team security operations
• Work within the Red Team to perform physical exploitation, network exploitation and social engineering assessments against authorized targets
• Perform network reconnaissance and open-source intelligence gathering
• Configure and safely utilize attack tools, tactics, and procedures against authorized targets
• Develop scripts, tools, or methodologies to enhance red teaming capabilities
• Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel
• Provide risk-appropriate and pragmatic recommendations to correct identified flaws, vulnerabilities and misconfigurations

Requirements

• Do No Harm approach: operational objectives cannot come at the expense of others
• Growth Mindset. Excited for opportunities to solve new problems every day
• Helpful demeanor. We are trusted adversaries and trust needs to remain strong
• Customization of Adversarial Tools: Cobalt Strike BOFs, Mythic Agent profiles, and adding new exploits to MSF are examples
• Defender experience and knowledge. Utilizing Splunk and finding risks
• Web application penetration testing assessments
• Email, phone, or physical social-engineering assessments
• Developing, extending, or modifying exploits, shell code or exploit tools
• Network penetration testing and manipulation of network infrastructure
• Relevant, recent and verifiable experience in information security and adversary simulation
• Detailed knowledge of global cyber threats, threat actors, and the tactics, techniques and procedures used by cyber adversaries, specifically those targeting the financial services sector
• Experience with Red, Blue, or Purple teaming exercises
• Industry certifications such as OSCP, OSCE, OSWE, GPEN, GCIH, GWAPT, or GXPN
• 3 or more years of Penetration Testing/Red Team experience
• Ability to define and communicate complex technical risk problems, concepts and situations to multiple skill levels, including business personnel with little to no cyber experience
• Proficiency with Microsoft Office, Preference given to candidates with deep Excel and PowerPoint skill sets
• Experience with systems such as Service Now, JIRA, and equivalent
• Ability to fluently read, write and speak English
• Experience with leading group discussion and presenting to varying levels and audiences
• Self-motivated and self-management skills

Tech Stack

• Splunk

Benefits

• Competitive Pay
• Bonus for Eligible Employees
• Benefits Package
• Pension Plan
• 401k Match
• Employee Stock Purchase Plan
• Tuition Reimbursement
• Disability Insurance
• Medical Insurance
• Dental Insurance
• Vision Insurance
• Employee Discounts
• Career Training & Development Opportunities
• Health and Work/Life Balance Benefits
• Paid Time Off starting at 160 hours annually for employees in their first year of service.
• Ten (10) paid holidays per year (typically mirroring the New York Stock Exchange (NYSE) holidays).
• Be Well Company holistic wellness program, which includes Wellness Coaching and Reward Dollars
• Parental Leave – fifteen (15) days of paid parental leave per calendar year to eligible employees with at least one year of service at the time of birth, placement of an adopted child, or placement of a foster care child.
• Adoption Assistance
• Employee Assistance Program
• Back-Up Care Program
• PTO for Volunteer Hours
• Employee Matching Gifts Program
• Employee Resource Groups
• Inclusion and Diversity Programs
• Employee Recognition Program
• Referral Bonus Programs