Listing Description

About This Role – Red Team Security Engineer

Genesis is seeking a highly capable Red Team Security Engineer, who will assist Genesis stay safe and secured from threats. This position will help to provide and improve services which include engaging with various teams of different complexity to test security tools, architecture, configurations, and the Enterprise security SIRT response to incidents.

Responsibilities:

• Conduct independent vulnerability research pertaining to AWS relevant technologies


• Utilize playbooks for penetration testing techniques, methodologies, and Breach and Attack Simulations. This should include both collaborative and individual work effort


• Reference process documentation when executing penetration testing techniques and methodologies


• Execute manual security assessments on a wide range of IT systems and products with a specific focus on circumventing and exploiting weaknesses in Genesis’s technologies, processes, and personnel security controls to keep the company ahead of threat actors


• Execute Proof-of-Concept penetration testing on proposed technologies for the enterprise


• Perform thorough scoping and planning before conducting security reviews


• Clearly document the scope of work, attack scenarios, findings, and evidence in the report


• Keep up to date with application security trends including information security news, application security services, tools, latest breaches, patch updates, etc.


• Identify detection and mitigation opportunities for IT partners to mitigate identified exploits and improve overall security posture


• Partner with defensive team counterparts in various exercises and to enhance security across the enterprise


• Provide debriefs of operations, vulnerabilities, concerns, and opportunities to leadership


• Partner with the SIRT and other stakeholders in the organization to identify security posture improvement opportunities


• Collaborate with the internal teams on threat analysis and research


• Study the techniques of Threat Actors, and apply that lens to operational work


• Provide actionable long term risk mitigation guidance to Information Security Engineers, other security personnel, internal technical staff, as well as leadership


• Operate breach and attack scenarios by executing tactics, techniques, and procedures to simulate/emulate financial industry threat actors attacking key operating systems, application, and networking defenses to ensure compliance with information security policies and adherence to best practices

Personal Attributes:

• Self-starter, ability to work independently with minimal supervision and as part of a team


• Good communication skills, and a willingness to train and mentor junior personnel


• Able to work with both technical and business stakeholders to design solutions that bring optimal security benefits while accounting for business needs and timelines


• Project management, cross-team coordination and driving organizational change


• Strong verbal and written skills


• Excellent interpersonal skills

Requirements:

• Minimum three (3) years of experience of operating in a technical red team or pen tester capacity


• Bachelor's degree in Information Technology, related discipline, or relevant work experience


• Relevant Technical Security Certifications (GIAC, CEH, OSCP, and/or OSCE, Offensive Security, etc.)


• Familiarity with MITRE ATT&CK and how it's applied by both Red and Blue Teams


• Experience with AWS technologies and services (e.g. S3, Lambda, EC2, KMS, IAM, etc.)


• Strong understanding of application security weaknesses for various technologies including web applications, databases, and multi-tier applications


• Strong knowledge of tools used for wireless, web application, and network security testing.


• Experience with bug hunting, bug bounties, capture the flag, software development


• Strong understanding of Cloud architecture, security controls of security circumvention tools and techniques


• Ability to review, modify and create scripts for automated testing techniques using languages such as Python, PowerShell, etc.


• Experience penetration testing in global environments with various legal and regulatory requirements


• Detailed understanding of the TCP/IP networking stack, network technologies and covert channels, Network penetration testing and manipulation of network infrastructure


• Self-starter, ability to work independently with minimal supervision and as part of a team


• Project management, cross-team coordination and driving organizational change

Benefits:

• 100% Premium Coverage for Medical, Dental, & Vision for you and your dependents


• Flexible Spending Accounts, Health Savings Accounts, Tax-Free Transit benefits, & other supplemental benefits available


• Flexible time off


• Generous Parental Leave