Job Description:
- Design and perform APT adversary emulation to determine if infrastructure components, systems and applications meet confidentiality, integrity, authentication, availability, authorisation, and non-repudiation standards
- Translate requirements into test plan, write and execute test scripts or codes in line with standards and procedures to determine vulnerability to attacks
- Responsible for the weaponization capabilities of the red team
- Research of undiscovered vulnerabilities (0 day) in red team engagements
Requirements:
- Bachelor’s degree or higher in Computer Science, Information Technology, Programming & Systems Analysis, Engineering, or other related fields
- Minimum 5 years of work experience in red team-related or relevant positions
- Proficiency in code auditing with the ability to quickly identify vulnerabilities in insecure code that can be exploited by the red team e.g. command injection, insecure deserialization, stack overflow, independently writing exploit codes
- Strong security development capabilities, with expertise in Python, Go, and in-depth experience in dynamic web crawling and distributed development
- Proficiency in various frameworks such as Puppeteer, Playwright, RabbitMQ, ELK, Yaklang, etc
- Strong communication skills and effective teamwork spirit
- Self-starter and fast learning ability
Preferred Experience:
- Experience in pentesting and red teaming, and familiar with kill chains in ATT&CK Framework (e.g. initial access, Windows AD testing, lateral movement)
- Experience in performing APT offensive and defensive
- Proven track record of bug bounty awards, Github star authors, etc