As a member of the Threat Simulation and Countermeasures team, the Cyber Threat Emulator plays a critical role in planning and executing cyber threat simulations. Threat simulations are used to improve the security of existing commercial offerings, maintain compliance with multiple regulatory guidelines, and conduct hands-on offensive security testing focused on improving detection and response, while customizing techniques to evade AV, EDR, and other protection technologies. Threat simulations include modeling attacks that cover known tactics, techniques, and procedures, and developing novel simulations against products and services.
The Cyber Threat Simulator must be knowledgeable about post-exploitation tools as well as Living Off the Land Binaries (LOLBins) to establish footholds, escalate privileges, move laterally, and fulfill mission objectives in order to stress-test overall cyber security resilience. Simulations will occur in complex Windows Active Directory environments, on multiple *nix systems in standard data centers, and in cloud infrastructure. Accurate and comprehensive reporting to all stakeholders, technical staff and executive leadership is required to highlight simulation findings.
The responsibilities include:
• Lead or enable exploitation operations in support of organization objectives and target requirements.
• Perform penetration testing as required for new or updated applications. This also applies to compliance penetration testing.
• Apply and utilize authorized cyber capabilities to enable access to targeted networks.
• Research and simulate known post-exploitation tools (Cobalt Strike, mimikatz, PowerSploit, etc.) to gain an understanding of their functionality and use in Red and Purple Team engagements.
• Collaborate with other internal and external partner organizations on target access and operational issues.
• Communicate new developments, breakthroughs, challenges and lessons learned to leadership, and internal and external customers.
• Make recommendations regarding the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems and processes).
• Maintain proper documentation and create reports highlighting exercise details, risk findings, and recommendations.
The requirements include:
• 4+ years of Penetration Testing/Threat Emulation experience
• Bachelor's degree in Computer Science or a related field, or equivalent work experience and appropriate certifications
• Knowledge of system administration concepts for operating systems such as, but not limited to, Unix/Linux, iOS, Android, and Windows
• Expert knowledge using, administering, and troubleshooting Kali Linux as an attack platform
• Experience with Windows/Active Directory attacks and attack path enumeration
• Knowledge of network topology and complementary security controls (Firewall, IDS/IPS, WAF, NDR, EDR, etc.)
• Knowledge of PCI and other industry compliance standards
• Knowledge of cyber attack stages, cyber threats and vulnerabilities, intrusion sets
• Experience with conducting Red or Purple teaming exercises
• Experience with scripting, editing existing code, and programming, including Python, Bash, C, C++, .NET, or Java
• Knowledge of network vulnerability assessments, Web application security testing, network penetration testing, red teaming, security operations, or hunt operations
Industry certifications such as CEH, GPEN, CEPT, LPT, OSCP, or OSCE are desirable.