Summary of the role
The primary responsibility of the Red Team Analyst is to protect Marina Bay Sands' gaming, retail, and hospitality sectors from cyber threats. This includes conducting adversarial simulations, red/purple team exercises, and security assessments. All duties are to be performed following Marina Bay Sands’ policies and procedures. All duties are to be performed in accordance with the department and Marina Bay Sands’ policies, practices and procedures.
Job Scope
This Analyst is expected to perform within the areas of at least one of the following:
Adversarial Simulation:
- Perform comprehensive analyses and simulations to mimic cyber threats and identify vulnerabilities.
- Execute threat-led penetration testing and red/purple team exercises using frameworks such as MITRE ATT&CK and TIBER-EU.
- Conduct attack simulation exercises using Tactics, Techniques, and Procedures (TTPs) that cyber threat actors use to plan and execute cyber-attacks.
Red Team Activities:
- Conduct authorized offensive security operations to test the effectiveness of cyber defenses and simulate cyber-attacks.
- Execute penetration tests on external and internal infrastructures, web applications, and mobile applications to identify security weaknesses and misconfigurations.
- § Perform social engineering assessments (email phishing, vishing, physical access attacks) to simulate password theft, system infiltration, and malware/ransomware deployment.
- Perform source code reviews to identify software vulnerabilities and detect malicious embedded code.
- Assess security configurations for cloud, server, network, and middleware infrastructures.
- Review IT architecture for both cloud and on-premises environments.
Forensics and Incident Response:
- Lead cyber incident investigations and response efforts.
- Collaborate with cybersecurity specialists to maintain and update security testing methodologies.
- Perform other related duties as assigned.
Job Requirements
- Minimum diploma with at least 3-5 years of hands-on cybersecurity experience in relevant areas.
- Preferred certifications: CISSP, OSCP, CRTP, CRTO, OSWE.
- Experience in Gaming, Banking, or Critical Infrastructure InfoComm Industry is an advantage.
- Effective verbal and written communication skills.
- Proficiency with offensive security tools such as Cobalt Strike, Empire, Havoc, Mythic.
- Experience in setting up red teaming Command and Control (C2) infrastructure, including web/proxy servers, redirectors, domain frontingSkills in developing malicious payloads and understanding obfuscation and encryption techniques.
- · Proficiency in at least one scripting language (e.g., Bash, PowerShell) and/or programming language (e.g., Python, C, C#, C++, Java).
- Understanding of basic networking concepts and Internet protocols (e.g., TCP/IP, HTTP(S), SMTP, DNS, SSL/TLS).
- Knowledge of industry-recognized security testing standards and penetration testing methodology.
- Strong understanding of enterprise technologies, operations, and security evaluations.
Marina Bay Sands is committed to building a diverse, equitable and inclusive workforce, providing equal opportunities as we grow our talent base to match our growth ambitions in Singapore. Our employees are committed to adhere to and abide by all rules, regulations, policies and procedures, including the rules of conduct and business ethics of the Company.
