Team Lead Offensive Security Program (Red Team) / Penetration Testing

$150,000 - $200,000

Full Time

    Skills

    • cryptography
    • Network
    • threat modeling
    • Visio
    • Penetration Testing
    • threat
    • pen testing
    • Red Team
    • Management

    Job Description

    Lead Cyber Security Penetration & Vulnerability Tester - Red Team

    LOCATION: 100% remote

    Looking for a security lead who has demonstrated experience leading a red team fulltime.  You will have several years of experience participating in and leading a full-blown offensive security program labeled as a red team.   Heavy application, infrastructure and vulnerabilities.   Must be leading a red team Not formal management.  This is not just applications it’s the whole enterprise offensive side - finding bugs the scanning tool don’t find the unknown prove out criticality. must come from a very large environment.

    Looking for someone who is capable of finding and exploiting vulnerabilities as well as being the go-to technical resource for all Red Team ops.

    The ideal candidate will have extensive experience in more than one of the following security testing domains: Open Source Intelligence, Network/Application, Web Application, Mobile Application, and Social Engineering. Experience testing database servers as well as proficiency with custom scripting and automation is a huge plus. :

    • Execute Red Team simulations based on organizationally defined threat scenarios with strict adherence to the agreed-upon rules of engagement.
    • Conduct various Red Team activities such as: Intelligence Gathering, Network/Operating System/Application Penetration Testing, Web Application Penetration Testing, Mobile Application Testing, Social Engineering, Basic Emissions/Signals Testing, Physical Security Testing, etc.
    • Execute Open Source Intelligence Collection and Analysis Techniques (OSINT); leverage available resources and develop custom tools.
    • Understand vulnerabilities and develop relevant exploits/payloads for use during Red Team activities.
    • Perform security risk assessment, threat analysis and threat modeling.

    Qualifications:

    • Experience leading a Red Team
    • Excellent focused domain areas of expertise as well as a good breadth of experience across Network/Application Penetration Testing, Web Application Penetration Testing, Mobile Application Penetration Testing, Social Engineering and Open Source Intelligence, Basic Emissions Testing, Physical Security Testing, and more.
    • Proven due diligence and research ability via open source avenues and technology.
    • Strong familiarity with enterprise technologies; strong technical background and understanding of security-related technologies; prefer operational experience as an administrator, engineer, or developer and direct experience testing in commercial cloud environments (AWS, Azure, IaaS/PaaS/SaaS).
    • Good applicable knowledge of policy and procedure development, systems analysis, Information Assurance (IA) policy, vulnerability management, and risk management
    • Good understanding of regulatory standards including CSF, NIST, PCI, SSAE 16, SAS 70, HIPPA, FIPS 199, COBIT 5 and others as needed.
    • Strong knowledge of cryptography (symmetric, asymmetric, hashing) and its various applications.
    • Strong knowledge of common enterprise infrastructure technology stacks and network configurations.
    • Exhibit ability to understand and probe/exploit a diverse range of Network and Internet Protocols.