Red Team Operator / Engineer

***We are unable to sponsor for this 12+ Month Contract / CTH role***

Prestigious Fortune 500 Company is currently seeking a Information Security Red Team Operator. Candidate will provide domain expertise in Penetration testing of Infrastructure and Networks, Web Applications, Cloud and Social engineering! In this role, the candidate will provide improved vulnerability analysis and contextual feedback to stakeholders to support the resolution of discovered vulnerabilities and facilitate risk awareness. This role provides domain expertise in Penetration testing of Infrastructure and Networks, Web Applications, Cloud and Social engineering, as well as Red Team and Purple Team internal engagements. Additionally, you will provide improved vulnerability analysis and contextual feedback to partners to support the resolution of discovered vulnerabilities and facilitate risk awareness.

The Red team is responsible for testing the overall strength of our organization s defenses (the technology, the processes, and the people) by simulating the objectives and actions of an attacker

Responsibilities:

Perform internal and external penetration testing of network infrastructure and applications

Perform Red team assessments including physical, social engineering, and network exploitation

Perform well controlled vulnerability exploitation/penetration testing on applications, network protocols, and databases

Perform network reconnaissance, OSINT, social engineering, and physical security reviews

Demonstrate advanced understanding of business processes, internal control risk management, IT controls and related standards

Effectively communicate findings and strategy to stakeholders, including technical staff and executive leadership

Identify and evaluate complex business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement

Participate in regular Purple team exercises and perform adversary simulations to test defense controls

Assist with scoping prospective engagements, leading engagements from kickoff through remediation

Work closely with Blue team to test efficacy of existing alerts and help create new detection.

Create findings reports and communicate to stakeholders

Contribute to enhancing the team s toolkit

Write custom scripts to automate tasks related to finding new vulnerabilities

Maintain runbooks to continually improve penetration testing methodologies and threat modelling.

Qualifications:

8-10 years of experience in Penetration testing, Red Team and Purple Team

Bachelor of Science in Engineering, Computer Science, Information Technology, or equivalent work experience

Advanced knowledge in common penetration testing tools (Metasploit, Burp Suite, Cobalt Strike, Empire, KALI Linux etc.)

Must have a demonstrable understanding of voice and data networks, major operating systems, active directory, cloud technologies

Must demonstrate knowledge of MITRE s ATT&CK framework, execute and chain TTP s

Must be able to critically examine an organization and system through the perspective of a threat actor and articulate risk in clear, precise terms.

Ability to optimally code in a scripting language (Python, Bash, PowerShell, Perl, etc.)

OSCP