Red Team Analyst

Reyes Holdings is a global leader in the production and distribution of food and beverage products. Our five business units service client accounts across 43 states in the United States and 19 countries worldwide – meaning the sun never sets on Reyes Holdings. We continue as a family-owned and operated business, true to how we began in 1976. We’re known for excellence, motivated by safety, and rooted in relationships. Our top priority is our people – all 33,000+ of our employees. We’ve created a workplace where our diverse team has the ability to thrive, challenge one another to continually reach higher, and support each other on our Journey Forward together.

Pay Transparency Statement:

The compensation philosophy reflects the Company’s reasonable expectation at the time of posting. We consider a number of factors when making individual compensation decisions including, but not limited to, skill sets, experience and training, and other business needs. This role may also be eligible to participate in a discretionary incentive program, subject to the rule governing the program.

Salary Range: $89,000-112,000

Position Summary:  

Reyes Holdings, LLC is seeking a Red Team Analyst to join our Cybersecurity team. This role will participate in identifying and testing the effectiveness of the organization's security measures by simulating real-world attacks on company owned networks, systems, and applications via Red Teaming, Purple Teaming, and Penetration Testing. This role will also engage technology and security liaisons over the course of day-to-day assignments and report directly to the Red Team manager.

Position Responsibilities may include, but not limited to: 

• Supporting offensive security testing as well as DAST/SAST/SCA on company networks, systems, and applications to identify vulnerabilities and weaknesses
• Providing detailed reports and analysis of Red Team activities to stakeholders and leadership, including recommendations for mitigating identified risks
• Developing, documenting, and administering the entire penetration testing lifecycle during engagements
• Engaging in purple team exercises alongside Senior Red Teamers and Blue Teamers to build and enhance threat hunting and incident response capabilities
• Collaborating with internal stakeholders and external vendors to drive remediation of security vulnerabilities discovered via penetration testing and/or Red Teaming
• Assisting Sr. Red Teamers with threat modeling services for security exceptions and architecture reviews
• Providing subject matter expertise on the remediation of discovered vulnerabilities and gaps in security response
• Participating in external attack surface monitoring as well as continuous development of Cyber Threat Intelligence (CTI) capabilities
• Staying up-to-date with the latest trends, threats, and vulnerabilities in the cybersecurity landscape
• Other projects or duties as assigned

 Required Skills and Experience: 

• Bachelor's degree in Information Security or related field and/or 2+ years of experience in Information Technology and/or Security
• Experience with network and application security testing tools such as Kali Linux, Nessus, Metasploit, BurpSuite, and Nmap
• Knowledge of common application and network protocols such as TCP/IP, DNS, HTTP, and HTTPS
• Experience with MITRE ATT&CK framework and adversary tactics, techniques and procedures (TTPs)
• Basic understanding of cybersecurity principles, standards, best practices and frameworks such as NIST, ISO, and CIS
• Familiarity with Information Security risk ranking scales and derivation
• Excellent verbal and written communication skills
• Travel as needed for role, including divisional / team meetings and other in-person meetings

Preferred Skills and Experience: 

• Hack the Box rank “Hacker” or higher
• CISSP, CEH, OSCP, GWAPT, GPEN, or other penetration testing and security related certifications are highly desired
• Experience testing solutions deployed in a public cloud environment (IaaS, PaaS, SaaS)

Physical Demands and Work Environment:

Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.  Due to the nature of our business in regard to such things as delivery schedules, order inputs, selection, and Department of Transportation Hours of Service, overtime, attendance and punctuality are essential job functions.  Should an individual in this classification not be able to adhere to this requirement due to a disability, they should contact their Human Resources department to see what, if any, reasonable accommodation may be made.