Our Red Team conducts advanced adversary emulation operations to challenge assumptions and emulate cyber and criminal threat actors targeting or attacking infrastructure. As a Red Team member, you will participate in the design and execution of campaign-based security operations, spanning a varying array of targets and platforms. Successful team members must be capable of evaluating environments, applications, systems or processes to discover weaknesses, and subsequently leverage those discoveries into actionable real-world attack strategies.
To succeed in this role, the candidate will possess breadth and depth of knowledge in security of operating systems, networking and protocols, firewalls, databases and middleware applications, forensics, scripting and programming. All red team members are expected to continuously improve their tradecraft through research, to add breadth and depth to their knowledge.
Responsibilities include:
- Engagement in all phases of Red Team security operations
- Explore novel techniques for automating reverse engineering and exploit development
- Work within the Red Team to perform physical exploitation, network exploitation and social engineering assessments against authorized targets
- Perform network reconnaissance and open source intelligence gathering
- Configure and safely utilize attack tools, tactics, and procedures against authorized targets
- Develop scripts, tools, or methodologies to enhance red team capabilities
- Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel
- Provide risk-appropriate and pragmatic recommendations to correct identified flaws, vulnerabilities and misconfigurations
Qualifications:
- Bachelor's degree or industry equivalent work experience in IT, Computer Engineering or a similar field
- Relevant, recent and verifiable experience in information security and adversary simulation (HTB, THM, SANS Hackfest, CTFs, NCL, CodeBreaker, GitHub Repo)
- Detailed knowledge of global cyber threats, threat actors, and the tactics, techniques and procedures used by cyber adversaries
- Industry certifications such as (but not limited to): OSCP, OSEE, OSWE, GPEN, GCIH, GWAPT, or GXPN
- 3+ years of experience in two or more of the following areas:
- Network penetration testing and manipulation of network infrastructure
- Web application penetration testing assessments
- Developing, extending, or modifying exploits, shell code or exploit tools
- Experience with Red, Blue, or Purple teaming exercises
Preferred Qualifications:
- MS degree in Computer Science, Engineering, Computer Forensics, Network Security, or equivalent technical experience
- 8+ years of exploit development, computer/network security, or network traffic analysis using analytical tools
- Expert knowledge of networking components/devices and various OS/applications in Linux and Windows environments
- At least one of the following certifications (verifiable experience accepted in lieu of certification):
  - OSEE (Offensive Security Exploitation Expert)
  - OSCP (Offensive Security Certified Professional)
  - GXPN (GIAC Exploit Researcher and Advanced Penetration Tester)
  - GPEN (GIAC Certified Penetration Tester)
  - LPT (Licensed Penetration Tester)
- Active Top Secret clearance