Posted Date :2024-03-01
As an Offensive Security Engineer (Red Team Consultant), you will collaborate with a team to conduct various forms of security testing on our clients' Network Infrastructure and Web applications. Your role involves identifying security issues and proposing effective solutions. Additionally, you will engage with clients to recommend long-term security controls. Your responsibilities will encompass researching vulnerabilities within client networks and web applications, performing network penetration testing, conducting web application security assessments, and executing other highly technical engagements across diverse client industries. You will also be tasked with recommending and implementing enhancements to testing methodologies, producing comprehensive reports, and delivering presentations tailored for both technical and non-technical audiences, including executives and stakeholders.
Key Responsibilities:
Perform penetration tests on network infrastructure, systems, and applications to detect exploitable vulnerabilities and assess potential security risks.
Simulate real-world cyber-attack scenarios to evaluate the organization's defense capabilities and overall security posture.
Assess the functionality and effectiveness of Security Devices, including firewalls, IDS/IPS, antivirus software, EDR solutions, web content filtering systems, Email Gateway Security, Data Loss Prevention, etc.
Possess a solid understanding of network security, DDoS attack infrastructures, and ISP defense mechanisms.
Conduct physical and wireless security assessments across various client locations.
Utilize common testing frameworks, such as the MITRE ATT&CK framework, in project execution.
Plan and execute red team engagements/activities, defining scopes, objectives, and timelines.
Document and categorize findings discovered during assessments, and research novel tactics, techniques, and procedures for gaining unauthorized access to user data.
Incorporate Threat Intelligence research to monitor APT trends and assist partners in testing their environments against emerging threats.
Develop, extend, or modify exploits, shell code, or exploit tools.
Collaborate with Incident Response, Product Security, and other security partners to align remediation efforts for optimal company protection.
Requirements & Skills:
Minimum of 2+ years of experience in Offensive Security / Red Team or related positions.
Proficiency across various Operating Systems (*nix, MacOS, Windows).
Proficient with stateful network operations and adept at using network mapping tools like Nmap.
Knowledgeable in Active Directory and Windows Security.
Familiarity with common C2 Frameworks.
Experience with cloud-based environments (e.g., GCP, AWS, Azure).
Familiarity with container-based environments.
Actively engaged in contributing to the security or privacy community through avenues like public research, blogging, presentations, bug bounties, CVEs, etc. is advantageous.
Ability to articulate technical concepts to diverse audiences through written reports and verbal presentations.
Detailed understanding of global cyber threats, threat actors, and their tactics, specifically those targeting the e-commerce sector.
Agile-minded team player with effective planning, scheduling, and adaptability skills to meet deadlines.
Eagerness for self-improvement, openness to new ideas, and forward-thinking mindset.
Excellent communication skills in both written and spoken English.
Relevant certification(s) from Offensive Security, eLearnSecurity, or SANS Institute is beneficial.