- threat modeling
- Penetration Testing
- pen testing
- Red Team
Lead Cyber Security Penetration & Vulnerability Tester - Red Team
LOCATION: 100% remote
Looking for a security lead who has demonstrated experience leading a red team fulltime. You will have several years of experience participating in and leading a full-blown offensive security program labeled as a red team. Heavy application, infrastructure and vulnerabilities. Must be leading a red team Not formal management. This is not just applications it’s the whole enterprise offensive side - finding bugs the scanning tool don’t find the unknown prove out criticality. must come from a very large environment.
Looking for someone who is capable of finding and exploiting vulnerabilities as well as being the go-to technical resource for all Red Team ops.
The ideal candidate will have extensive experience in more than one of the following security testing domains: Open Source Intelligence, Network/Application, Web Application, Mobile Application, and Social Engineering. Experience testing database servers as well as proficiency with custom scripting and automation is a huge plus. :
- Execute Red Team simulations based on organizationally defined threat scenarios with strict adherence to the agreed-upon rules of engagement.
- Conduct various Red Team activities such as: Intelligence Gathering, Network/Operating System/Application Penetration Testing, Web Application Penetration Testing, Mobile Application Testing, Social Engineering, Basic Emissions/Signals Testing, Physical Security Testing, etc.
- Execute Open Source Intelligence Collection and Analysis Techniques (OSINT); leverage available resources and develop custom tools.
- Understand vulnerabilities and develop relevant exploits/payloads for use during Red Team activities.
- Perform security risk assessment, threat analysis and threat modeling.
- Experience leading a Red Team
- Excellent focused domain areas of expertise as well as a good breadth of experience across Network/Application Penetration Testing, Web Application Penetration Testing, Mobile Application Penetration Testing, Social Engineering and Open Source Intelligence, Basic Emissions Testing, Physical Security Testing, and more.
- Proven due diligence and research ability via open source avenues and technology.
- Strong familiarity with enterprise technologies; strong technical background and understanding of security-related technologies; prefer operational experience as an administrator, engineer, or developer and direct experience testing in commercial cloud environments (AWS, Azure, IaaS/PaaS/SaaS).
- Good applicable knowledge of policy and procedure development, systems analysis, Information Assurance (IA) policy, vulnerability management, and risk management
- Good understanding of regulatory standards including CSF, NIST, PCI, SSAE 16, SAS 70, HIPPA, FIPS 199, COBIT 5 and others as needed.
- Strong knowledge of cryptography (symmetric, asymmetric, hashing) and its various applications.
- Strong knowledge of common enterprise infrastructure technology stacks and network configurations.
- Exhibit ability to understand and probe/exploit a diverse range of Network and Internet Protocols.