Skip to main content
Search

Lead Information Security Analyst – Red Team

Apply Job ID JR0073536 Date posted 09/21/2022

Job Description:

Apenetration-tester/redteam member is a very hands-on representative of the information security team. Pen-testers/red teamers must understand applications, networking and various operating systems, along with tools and frameworks, and they must maintain a high level of rigor to stay up-to-date with advancements in technology while also retaining knowledge of older systems and applications that may still be in use in the enterprise.

Penetration-testers/redteamers must constantly search for system and application weaknesses to exploit, but they are also expected to maintain a level of professionalism at all times.

Essential Job Duties:

  • Document and formally report testing initiatives, along with remediation recommendations and validation.

  • Conduct tactical assessments that require expertise in social engineering, application security (web and mobile), physical methods, lateral movement, threat analysis, internal and external network architecture and a wide array of commercial and bring-your-own (BYO) products.

  • Develop and maintain tools and scripts used in penetration-testing and red team processes.

  • Regularly research and learn new TTPs in public and closed forums, and work with teammates to assess risk and implement and validate controls as necessary.

  • Understand breach and attack simulation (BAS) solutions and work with the team to validate controls effectiveness.

  • Perform other duties as assigned.

Qualifications:

  • At least 5-7+ years’ experience in information security administration, offensive tactics, penetration testing and red team operations.

  • Proficient in scripting languages such as Python, PowerShell, Bash and Ruby.

  • Competent with testing frameworks and tools such as Burp Suite, Metasploit, Cobalt Strike, Kali Linux, Nessus, PowerShell Empire and AutoSploit.

  • Experience conductingpenetration-testing/redteam engagements as a consultant or within a previous role in a professional organization.

  • Understanding of OWASP, the MITRE ATT&CK framework and the software development lifecycle (SDLC).

Additional Skills and Experience:

  • Proven trustworthiness and history of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating well.

  • Self-starter requiring minimal supervision.

  • Excellence in communicating business risk and remediation requirements from assessments.

  • Analytical and problem-solving mindset.

  • Highly organized and efficient.

  • Demonstrated strategic and tactical thinking, along with decision-making skills and business acumen.

Education Requirements:

  • Bachelor's degree in computer science (preferred), information assurance, MIS or related field, or equivalent experience.

Certifications:

  • Preferably, one or more of the following: OSCP, CEH

Apply