This is an excellent opportunity for a Red Teamer, or an experienced penetration tester looking to advance their skills, to participate in a forward-looking red team at a prominent regional bank.
The successful Red Team member will help to build and deliver red team operations, purple teaming exercises and pentests of the latest security products, and will contribute actively to the bank’s efforts to adopt and maintain an enterprise-wide view of threat-driven risks, with the goal of working with various stakeholders in the enterprise to manage these risks.
The candidate will need to have a proven track record in advanced network, system and application exploitation and will be required to work independently or as part of the red team to execute threat simulations.
Key Responsibilities:
- Plan and execute red team operations and campaigns across the spectrum of people, processes and technologies.
- Develop techniques from the MITRE ATT&CK framework and perform purple teaming exercises, working closely with the SOC team to enhance detection and prevention capabilities.
- Support the development of red teaming methods, operations and simulations within and across the enterprise to include cyber security, personnel security, operations security, facilities security, and third party vendors/service providers.
- Provide cybersecurity technical testing services, including network, system or application penetration testing and vulnerability assessment, through in-depth technical analysis and exploitation of vulnerabilities.
- Provide regular threat/risk updates, presenting findings and learnings from cyber-attacks, red team operations, and cyber-attack simulations within a context of overall risk to the enterprise.
- Work closely with existing technology infrastructure, business application and security teams, both to receive input and to provide practical and actionable threat intelligence.
- Evaluate, build and support a set of open-source and commercial security tools.
- Plan and manage third-party red teaming and penetration tests.
Education
- Bachelor's degree in Computer Science, Computer Engineering, Software Engineering or related discipline.
- OSCP and/or CREST CRT certified.
- Advanced certifications such as OSCE, OSEP, CRTE, OSEE, GXPN, CREST CCT and CCSAS would be an advantage.
Technical Skills and Experience
- At least 8 years of IT experience, in which over 5 years are in the domain of technical security testing, preferably in a banking environment.
- Excellent infrastructure and web penetration testing skills.
- Ability to circumvent incident detection processes when conducting red team operations.
- Ability to build custom tools and exploits using one or more of the following: PowerShell, Python, C++ or C#.
- Knowledge of the latest cybersecurity tools and vulnerabilities.
- Experience in utilizing the MITRE ATT&CK framework would be an advantage.
- Reverse engineering and exploit development experience would be an advantage.
- Red teaming and purple teaming experience would be an advantage, but not a requirement.
Soft Skills
- Excellent communication, writing and presentation skills.
- Ability to collaborate and share knowledge within a fast-moving environment.
- Ability to work effectively with a variety of stakeholder interests within the enterprise.