Director, Cyber Security Red Team
- JOB SUMMARY
The Sr Cyber Security Red Team Engineer/Operator is responsible for supporting the enterprise threat emulation and pen-testing program. This includes, but is not limited to, evaluating the security of the organization's IT infrastructure by continuously assessing and exploiting vulnerabilities to find out where hacking threats may lie, simulating attacks on networks, firewalls, operating systems, operational technology and web applications to identify vulnerabilities, and reporting the findings.
- ESSENTIAL FUNCTIONS
Reasonable accommodations will be made to enable individuals with disabilities to perform the essential functions.
- Develop test procedures and/or document recommendations for test plan modifications that improve validation of cybersecurity controls. Test procedures may cover a wide range of technically diverse areas, such as, but not limited to, IP network discovery, password length and complexity requirements, and vulnerability exploitation.
- Knowledge of APT TTPs and how to replicate their attack methodology.
- Ability to work with publicly available exploits and PoC code.
- Write penetration testing rules of engagements, test plans, standard operating procedures and reports.
- Thoroughly document exploit chain/proof of concept scenarios.
- Research and remain up-to-date with new threats and adversary emulation methodologies.
- Expertise in testing web applications for common web application security vulnerabilities including input validation vulnerabilities, broken access controls, session management vulnerabilities, cross-site scripting issues, SQL injection and web server configuration issues.
- Hands-on expertise with commercial and open-source cyber security tools such as proxies, port scanners, vulnerability scanners and exploit frameworks (e.g., Burp Suite, Nmap, Metasploit, Cobalt Strike, Nexpose/IVM).
- Develop comprehensive and accurate reports and presentations for both technical and executive audiences.
- Extensive knowledge of MITRE ATT&CK Framework.
- Penetration testing experience with web applications, operating systems, network protocols, wireless, mobile, databases and middleware.
- Must be willing to travel as needed (10%)
- Process cyber threat intelligence in accordance with the "intelligence cycle": direction, collection, processing, analysis, dissemination, and feedback from open source, paid subscriptions, and government sources.
- The position may require occasional travel to other countries.
- Develop, recommend, and enhance information risk management policies and standards, including controls, processes, and procedures to ensure that information is protected and available to the business in a timely fashion.
- Support physical security pen-tests
- Evaluate system vulnerabilities for Windows, Linux and Unix operating systems, network topologies and infrastructure devices, databases and operational technology, and ensure risk remediation before and after vulnerability scans.
- Work effectively with others in the Information & Technology organization and in operations in support of security policies and standards.
The above statements are intended to describe the nature of work performed by those in this job and are not an exhaustive list of all duties. Nothing in this job description restricts management's right to assign or reassign duties and responsibilities to this job at any time, which reflects management's assignment of essential functions.
- MINIMUM EDUCATION, EXPERIENCE, SKILLS
- Bachelor's degree in a technical field (Computer Science, Information Systems, Information Systems Security) or 4+ years of equivalent background and experience in red team operations, penetration testing, or cyber threat emulation.
- Experience in security engineering, system and network security, authentication and security protocols, applied cryptography, and application security
- Network and web-related protocol knowledge (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
- Understanding of security fundamentals and common vulnerabilities such as the OWASP Top Ten and CIS Critical Security Controls.
- 4-6 years of experience in a technical, professional role for an enterprise, with a minimum of 3 years in a cybersecurity vulnerability/penetration tester position.
- Knowledge of OWASP, MITRE ATT&CK, and CIS Critical Security Controls
- Ability to understand information security risks associated with vulnerability testing, patch management, and secure configuration management.
- Experience with common commercial and open-source penetration testing tools such as Kali Linux, Burp Suite Pro, Metasploit and password cracking tools.
- The following certifications are strongly preferred:
  - Offensive Security Certified Professional (OSCP)
  - Certified Penetration Tester (GPEN)
  - Web Application Penetration Tester (GWAPT)
- Possess planning, interpersonal, and motivational skills; able to write clearly and succinctly in technical and non-technical formats.
- Ability to speak both extemporaneously and in formal business settings.
- Experience in root cause analysis, industry benchmarking, survey evaluation and data interpretation is required.
- Have the ability to apply logic and reason to solve complex problems.
- Ability to establish and maintain multi-functional and positive working relationships.
- Advanced computer skills and proficiency.
- Strong interpersonal and networking skills with a solid ability to work in a team environment.
- Ability to work under stressful and tight deadlines as well as the ability to lead in a fast-paced environment.
- Above average computer hardware and software knowledge.
- Ability to multi-task and discern patterns in detail.
- Ability to think through problems for logical solutions and remain calm and professional under stress.
- Strong decision-making ability during both crisis and non-crisis situations.
- Able to work with highly confidential information.
We recognize the need for on-going skill enhancement and support continued learning through on-the-job assignments, training programs, tuition assistance, professional memberships, and professional conference attendance. We value talent, develop employees and offer promotional opportunities so our staff can achieve personal and professional growth.
- PHYSICAL/MENTAL DEMANDS AND WORK ENVIRONMENT CHARACTERISTICS
The physical/mental demands are representative of those that must be met by an individual to successfully perform the essential functions of the job.
The work environment characteristics described here are representative of those an individual would encounter while performing the essential functions of the job.
Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Physical/Mental Demands and Work Environment Characteristics:
☒ Ability to organize/coordinate
☒ Comprehend and follow instructions
☒ Direct, control and plan
☒ Independently make quick decisions to solve complex issues
☒ Problem solve
☒ Analyze/interpret data and information
☒ Perform with frequent interruptions
☒ Make decisions using sound judgment
☒ Supervise/manage others
☐ Good eye/hand coordination
☒ Visual acuity
☒ Use keyboard/computer/phone
☐ Detect/distinguish smell
☐ Detect/distinguish hearing
☒ Maintain stationary position
☒ Position self to move
☒ Move/traverse
☐ Ascend/descend (climb)
☐ Reaching
☐ Calibrate precise
☐ Ability to safely operate hand tools
☐ Move/transport [X] lb.
☐ Repetitive movement activities
☒ Regular and predictable attendance
☐ Work around extreme temperatures - cold or hot
☐ Work around noise above conversation level
☒ Work in restricted access to laboratory area
☐ Exposure to dust/gas/fumes/steam/chemicals
☐ Work with Select Agents as defined by the CDC
☐ Work irregular hours that often include nights and weekends
☐ Work in multiple locations
20% Travel, including internationally