At BBH we value diverse backgrounds, so if your experience looks a little different from what we've outlined and you think you can bring value to the role, we will still welcome your application!
What You Can Expect At BBH:
If you join BBH you will find a collaborative environment that enables you to step outside your role to add value wherever you can. You will have direct access to clients, information and experts across all business areas around the world. BBH will provide you with opportunities to grow your expertise, take on new challenges, and reinvent yourself—without leaving the firm. We encourage a culture of inclusion that values each employee’s unique perspective. We provide a high-quality benefits program emphasizing good health, financial security, and peace of mind. Ultimately we want you to have rewarding work with the flexibility to enjoy personal and family experiences at every career stage. Our BBH Cares program offers volunteer opportunities to give back to your community and help transform the lives of others.
Cyber Red Team Operator
The Cyber Red Team Operator will be responsible for the execution of Red Team assessments to improve the security posture of BBH. The Red Team Operator plans and executes Red/Purple Teaming events, Penetration Tests, Vulnerability Assessments, and Control Validations. This position will be required to effectively operate under Red Team procedures/controls to identify vulnerabilities across the BBH environment.
PRINCIPAL RESPONSIBILITIES
Red Team Activities
Execute Red Team activities to include scope development, planning, execution, data collection, reporting, and remediation support
Conduct risk assessments of vulnerabilities identified and write reports to facilitate the mitigations and remediations needed to improve BBH security posture
Understand and implement BBH Red Team Operating Standard and conditional Rules of Engagement in accordance with regulatory guidelines and best practices
Lead collaboration and brief results with security architecture, development, network, server, and web teams to mitigate or remediate security weaknesses as well as provide prevention and detection recommendations for cyber threats. Monitor the resolution of vulnerabilities with application and system owners and escalate identified security vulnerabilities when required
Participate in Cyber Tabletop Exercises as a subject matter expert for adversary behavior, intent, and TTPs
Technical Management
Maintain an understanding of adversary Tactics, Techniques, and Procedures (TTPs) and how to best emulate adversary behavior for Red Team Activities.
Recommend and manage configurations of Red Team tools and Attack Simulation Tools.
Assist with the execution of Consultant Penetration Testing of the firm’s cyber security posture.
KNOWLEDGE, SKILLS AND ABILITIES
8 to 10 years of relevant experience in four or more of the following areas:
Red Team Operations and Penetration Testing
Network security assessments
Web application vulnerability identification
Designing and Implementing Red Team security controls
Offensive Security
Malware analysis and remediation
Security Incident Response
Knowledge & technical skills:
Expertise with security assessment methodology, vulnerability management, OWASP model, CVE ratings
Experience with Red Team tools and attack simulation tools
Ability to read web and application server logs to identify vulnerabilities
Scripting/coding experience to prepare attack code
Knowledge/ability to classify the severity of vulnerabilities
Experience preparing Red Team reports
Familiarity in cyber security forensics is a plus
Other requirements (licenses, certifications, specialized training, physical or mental abilities required)
Offensive Security Certified Professional (OSCP)
Certified Information Systems Security Professional (CISSP) a plus
Network+ certification a plus
After hours & Weekend work required
We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, age, genetic information, creed, marital status, sexual orientation, gender identity, disability status, protected veteran status, or any other protected status under federal, state or local law.
62795