Don't worry, we can still help! Below, please find related information to help you with your job search.
Red-Team Engineer - Penetration Tester
Company | Cyber Advisors |
Address | , Maple Grove, Mn |
Employment type | FULL_TIME |
Salary | |
Expires | 2023-06-09 |
Posted at | 1 year ago |
SUMMARY
The Red-Team Engineer Penetration Tester role is a mid-level consulting position within the Cyber Advisors Security Practice responsible for cyber security Red-Team leadership and penetration testing support. This position requires exceptional personal ethics, along with a sense of confidence, guile, and authenticity while exercising one's ability to misdirect and pretext directly in the face of a client. The role also requires solid leadership in three or more of the following areas: vulnerability analysis, wireless penetration testing, cloud or infrastructure penetration testing, web or mobile application penetration testing, or other demonstrated advanced Red-Team or Purple-Team capabilities, while allowing for on-the-job growth in areas where the candidate is weak. The role will collaborate as needed on many internal and client-facing security projects, and operational security initiatives. The ideal candidate will also support the development and operational activities of junior-level cyber analysts and engineers while helping to grow the security team's Red Team skillset, processes, and playbooks.
KNOWLEDGE, SKILLS, ABILITIES:
- Continuously learn new Red-Team techniques and obtain Red Team-oriented certifications suitable to the practice
- Willingness to take direction and accept appropriate critical guidance
- Possess a deep understanding of both information security and computer science
- Reflect the highest possible ethical and moral standards of Cyber Advisors Security Practice
- Firm grasp of networking, applications, and operating system functionality and concepts across diverse manufacturers
- Willingness to learn advanced concepts such as application manipulation, exploit development, and stealthy operations
- Mastery of Unix/Linux/Mac/Windows operating systems, including bash and Powershell
- Proven capability and willingness to perform or assist in discovery, triage, remediation, and evaluation of threats
RESPONSIBILITIES:
- Understand all the threat vectors into each environment and be able to accurately assess them
- Rapidly assimilate the latest information and react to new client environments on a weekly or monthly basis
- Conduct cybersecurity vulnerability assessments (Red Team activities) and Penetration Tests based on client organization's requirements
- Recognize and safely use attacker tools, Tactics, Techniques, and Procedures (TTPs)
- Intellectual curiosity and the ability to learn new skills and enhance old skills quickly
- Ability to conduct client engagements with little or no supervision
- Utilize standard formats to create comprehensive and accurate reports and presentations for both technical and executive audiences
- Recognize and be willing to quickly identify and report accidents, errors, and misjudgments
- Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel
- Develop scripts, tools, or methodologies to enhance Security Practice Red Team processes
- Desire to share knowledge and skills, and to mentor less experienced staff
- Perform network penetration, web application, and/or mobile application testing, source code reviews, threat analysis, wireless network assessments, and social-engineering assessments (phishing, vishing, pretexting)
- Interact with and assist other Cyber Advisors teams within the NOC and MSP practice on time sensitive, critical investigations of Cyber Advisors clients
- Review and analyze cyber threats and provide SME support and training to junior level security analysts and engineers
QUALIFICATIONS:
- Strong skills in email, telephone, and physical social-engineering assessments (phishing, vishing, pretexting) required
- Must demonstrate 2-4 years' experience in the following:
- Network penetration testing and manipulation of network infrastructure and components required
- Demonstrate ability to explain complex technical concepts to a non-technical audience
- Demonstrate understanding of priorities and effective work procedures, self-manage work time and prioritize multiple tasks and problems
- Demonstrate ability to manage and prioritize multiple tasks, aggressive targets, and deadlines
- Demonstrate ability to write and to communicate clearly and concisely
- Understanding of NIST CSF, CMMC, ISO 27000, and other security frameworks
- Familiarity with NIST SP 800 series, CIS Benchmarks, COBIT, and similar controls standards
EDUCATION AND CERTIFICATIONS:
The successful candidate will hold:
- Solid understanding of the Penetration Testing Execution Standard (PTES)
- Active clearance a plus
- Relevant pen testing related certifications include one or more CEH, GPEN, CPT, PenTest+, ECSA, CEPT, LPT, OSCP, or OSCE
- Experience with DoD or LEO communities a plus
- 2-4+ years' experience in network or cyber security focused on Red-Teams and pen testing
WORKING CONDITIONS AND PHYSICAL EFFORT:
- This position includes both on-site and remote work activities and will require travel to the Maple Grove, MN, office on a regular (weekly or bi-weekly) cadence to be established with the manager
- Must be responsive to client, company, and project emergencies
- May require occasional out-of-state travel
- Ability and willingness to work from the office and from home as needed
- Must be eligible to work in the US without sponsorship
- Ability to travel up to 20%
- Developing, extending, or modifying exploits, shellcode or exploit tools
- Developing mobile applications in Objective-C, Kotlin, Java, or other language
- Shell scripting or automation of basic tasks using PowerShell, bash, Perl, Python, or Ruby
- Web application assessments and penetration testing
- Developing applications in C#, ASP, .NET, C, Java (J2EE), or other high-level language
- Reverse engineering malware, data obfuscation apps, or ciphers and ciphertext
- Prefer 2-4 years' experience with three or more of the following skills:
- Mobile application assessments and penetration testing
- Source code review for application control flow and security flaws
-
Systems Analyst - Excel, Xml, Sql, Scripting
By CyberCoders At Salt Lake City, UT, United States 8 months ago
-
(Senior) Finance & Shared Services Manager
By Catholics For Choice At Washington, DC, United States 8 months ago
-
Paralegal - Probate Administration
By CyberCoders At Miami, FL, United States 8 months ago
-
Account Executive - Automotive Software
By ECW Search At United States 8 months ago
-
Construction Project Coordinator Jobs
By CyberCoders At River Falls, WI, United States 8 months ago