Lead Information Security Analyst – Red TeamApply Job ID JR0073536 Date posted 09/21/2022
Apenetration-tester/redteam member is a very hands-on representative of the information security team. Pen-testers/red teamers must understand applications, networking and various operating systems, along with tools and frameworks, and they must maintain a high level of rigor to stay up-to-date with advancements in technology while also retaining knowledge of older systems and applications that may still be in use in the enterprise.
Penetration-testers/redteamers must constantly search for system and application weaknesses to exploit, but they are also expected to maintain a level of professionalism at all times.
Essential Job Duties:
Document and formally report testing initiatives, along with remediation recommendations and validation.
Conduct tactical assessments that require expertise in social engineering, application security (web and mobile), physical methods, lateral movement, threat analysis, internal and external network architecture and a wide array of commercial and bring-your-own (BYO) products.
Develop and maintain tools and scripts used in penetration-testing and red team processes.
Regularly research and learn new TTPs in public and closed forums, and work with teammates to assess risk and implement and validate controls as necessary.
Understand breach and attack simulation (BAS) solutions and work with the team to validate controls effectiveness.
Perform other duties as assigned.
At least 5-7+ years’ experience in information security administration, offensive tactics, penetration testing and red team operations.
Proficient in scripting languages such as Python, PowerShell, Bash and Ruby.
Competent with testing frameworks and tools such as Burp Suite, Metasploit, Cobalt Strike, Kali Linux, Nessus, PowerShell Empire and AutoSploit.
Experience conductingpenetration-testing/redteam engagements as a consultant or within a previous role in a professional organization.
Understanding of OWASP, the MITRE ATT&CK framework and the software development lifecycle (SDLC).
Additional Skills and Experience:
Proven trustworthiness and history of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating well.
Self-starter requiring minimal supervision.
Excellence in communicating business risk and remediation requirements from assessments.
Analytical and problem-solving mindset.
Highly organized and efficient.
Demonstrated strategic and tactical thinking, along with decision-making skills and business acumen.
Bachelor's degree in computer science (preferred), information assurance, MIS or related field, or equivalent experience.
Preferably, one or more of the following: OSCP, CEH