Listing Description
Purpose of Role:
As a Red Team Operator, you will have a deep understanding of computer science and information security. You understand advanced concepts like exploit development and stealthy operations. This role will have access to a very diverse network at a company dedicated to providing care to patients across the globe.
Key Responsibilities:
- Leverage real attacker emulation to simulate security incidents, observe response across monitoring and incidents, and identify enhancement opportunities
- Develop after action reports to help justify this investment and use the results to hone the security posture for the overall organization
- Execute Red Team engagements in a variety of networks using real-world adversarial Tactics, Techniques, and Procedures (TTPs) from conception to report delivery
- Conduct open-source intelligence gathering, network vulnerability scanning, exploitation of vulnerable services, and lateral movement; install persistence in target network(s); and manage C2 infrastructure
- Develop payloads, scripts, and tools that weaponize new proof-of-concepts for exploitation, evasion, and lateral movement
- Document identified vulnerabilities and research corrective/remediation actions to recommend risk mitigation technique(s)
- Maintain knowledge of applicable Red Team policies, Standing Ground Rules, regulations, and compliance documents
- Communicate effectively with team members and during an engagement
- Keep current with TTPs and the latest offensive security techniques
Basic Qualifications:
- 3+ years of experience as a red team operator
- Experience with offensive tools and platforms such as Kali Linux, Cobalt Strike, Metasploit, Covenant, Sliver, BloodHound, GhostPack, Nmap, Nessus, ZMap, Masscan, EyeWitness, Burp Suite
- Experience with writing high-quality assessment reports and communicating results to clients, teammates, and senior leadership
- Knowledge of functionality and capabilities of network defense technologies, including firewalls, IDS and IPS, antivirus, and web content filtering
- Experience building red team infrastructure and new approaches to testing a variety of environments
- Ability to operate and lead organized security testing engagements without assistance
- Market-relevant certifications such as CREST/OSCP/OSCE/OSWP
Advanced and/or Qualifications:
- 4+ years’ experience focused on Red Team operations
- Familiarity with various programming languages such as Python, Ruby, and Rails is a plus
- Experience in web programming (Java, ASP, ASP.NET, HTML, JavaScript)
- Experience with cloud-based environments (GCP, Azure, AWS, etc.)
- Demonstrated rapid tool development & automation experience
- Regular Expressions (RegEx)
- Knowledge of SQL Server, SQL Client Tools, and T-SQL Stored Procedures
- Understanding of Web Application Firewalls
- Reverse engineering
Listing Details
- Salary: $150000 - $180000
- Citizenship: US Citizen
- Incentives: Both
- Education: Not Provided
- Travel: No Travel
- Telework: Full Telecommute