Red Team, Network/Mobile Application Penetration Tester
Salary: $170-$180k + 20% Bonus
Location: 100% Remote
*We are unable to provide sponsorship for this role*
*Bonus Eligible*
Seeking a Red Teamer that will engage in targeted simulations consisting of threat intelligence gathering, network & application penetration testing, social engineering, physical security testing, mobile device testing, and more.
Qualifications
BS in Computer Science, Information Management, Information Security, or other comparable technical degree from an accredited college/university desired
Security-related certifications (CISSP, CISA, CRISK, ISSAP, GSLC, OSCP, OSCE, GPEN, or GXPN, etc.) highly desired
10+ years' experience in an IT environment with 8+ years' experience penetration testing
Excellent focused domain areas of expertise as well as a good breadth of experience across Network/Application Penetration Testing, Web Application Penetration Testing, Mobile Application Penetration Testing, Social Engineering and Open-Source Intelligence, Basic Emissions Testing, Physical Security Testing, and more
Strong familiarity with enterprise technologies; strong technical background and understanding of security-related technologies; prefer operational experience as an administrator, engineer, or developer and direct experience testing in commercial cloud environments (AWS, Azure, IaaS/PaaS/SaaS)
Good understanding of regulatory standards including CSF, NIST, PCI, SSAE 16, SAS 70, HIPPA, FIPS 199, COBIT 5 and others as needed
Strong knowledge of cryptography (symmetric, asymmetric, hashing) and its various applications
Exhibit ability to understand and probe/exploit a diverse range of Network and Internet Protocols
Must have direct practical experience with one or more high level programming language
Strong proficiency in network, application, emissions, and physical security
Strong proficiency in social engineering and intelligence gathering
Strong experience with custom Scripting (python, powershell, bash, etc.) and process automation
Strong experience with database security testing (MSSQL, DB2, MySQL, etc.)
Strong proficiency with common penetration testing tools (Kali, Armitage, Metasploit, Cobalt Strike, Nmap, Qualys, Nessus, Burp Suite, Wireshark, Recon-NG, Netsparker, Ettercap/Bettercap, Hashcat, Bloodhound, Ida Pro, Ghidra, Sublist3r, Rubeus, Mimikatz, CrackMapExec, Exploitdb, Yersinia, Impacket, etc.)
Experience with Mainframes, Windows, Unix, MacOS, Cisco, platforms and controls
Experience with dedicated document management tools (eg, DMS, PolicyTech) a plus
Experience with using ServiceNow a plus.
Responsibilities
Conduct various Red Team activities such as: Intelligence Gathering, Network/Operating System/Application Penetration Testing, Web Application Penetration Testing, Mobile Application Testing, Social Engineering, Basic Emissions/Signals Testing, Physical Security Testing, etc.
Execute Open-Source Intelligence Collection and Analysis Techniques (OSINT); leverage available resources and develop custom tools.
Understand vulnerabilities and develop relevant exploits/payloads for use during Red Team activities.
Perform security risk assessment, threat analysis and threat modelling.
Perform independent reviews of security, network, and applications.
Plan/Design/Execute security related activities and create artifacts.
Assist management with the improvement of policies and procedures to support Security Testing and Red Team activities as well as other security duties which may arise.
Participate in developing a security roadmap, adopt security best practices, and implement new ideas and innovations according to the industry trends.
Consult with technical experts and system owners on all aspects of Information Security and Compliance.
Work closely with Production Support staff, Incidence Response, and IT infrastructure to increase organizational security posture.
Supports and successfully completes Audits.
Cross-train the other Security Red Team members
Cross-train other teams within Security Services and IT departments to provide subject matter knowledge of a specific adversarial threat/risk, or to assist with remediation path recommendations
Participate in Lessons Learned process to provide information to help improve practices, methodologies, tools, and other technologies
Participate on various technical committees and provide input and feedback to department
Stay current on emerging technology trends and the threat landscape
Advise IT on current and emerging threats, their attack vectors, and how to mitigate them