Senior Security Specialist (RedTeam)

Requirements

• Bachelor’s Degree in Information Systems / Technology, Computer Science / Engineering or equivalent field of study or a minimum of 5 years of cyber security experience
• Demonstrable experience in Red Teaming and Penetration Testing
• Minimum 3 years of deep, hands‑on, technical security experience with at least one of: multiple security technologies such as Firewalls, IDS/IPS, Web Proxies and DLP among others, Web Applications and Services, Cryptography, Social Engineering and Open Source Intelligence Gathering (OSINT), Mobile platforms, Software Security, malware reverse engineering
• Deep technical understanding of enterprise operating system environments, Active Directory and networking
• Solid understanding of security vulnerabilities and common software engineering flaws
• Familiarity with popular scripting languages and ability to automate simple tasks
• Familiarity with CND-based analytical models (Kill Chain, ATT&CK, etc.)
• One or more of the following security certifications OSCP, OSCE, OSEE, OSWE, CREST, GXPEN preferred
• Experience working with Financial Services and Critical Infrastructure
• Strong verbal & written communication skills & presentation skills
• Ability to work in a fast‑paced environment
• Problem solver and barrier breaker

What the job involves

• Plan and execute security testing operations across the enterprise. The successful candidate will work closely with Business partners, BISOs, GSOC, and other entities to ensure we effectively test Group’s established security program and identify potential gaps around our people, process, and technology
• Plan, lead and execute offensive security engagements where you assume the role of a threat actor during tests, attack simulations, training and exercises
• Employ simulated adversary threat‑based approaches to expose and exploit vulnerabilities and weaknesses to improve the security of both our products and technology landscape
• Replicate tactics, techniques and procedures used by modern attackers, common network exploitation and penetration techniques as well as common software exploitation techniques
• Develop attack plans to meet the specified objectives and coordinate with other Red Team Operators and 3rd Party vendors to achieve these goals
• Provide constructive feedback to the defenders and product teams on their successes and failures
• Develop, modify and extend tools/exploits that assist with execution of security assessments, including custom tools and automation
• Establish credibility as a trusted advisor to stakeholders including customers, executives, peers, and employees
• Stay current with sophisticated attacks and apply them during red team activities
• Help defensive teams and product teams understand how to detect and/or stop cyber‑attacks via purple teaming exercises, CTF demonstrations, etc.
• Become part of a team of security enthusiasts that perform ground breaking research and promote an environment of innovation and knowledge‑sharing
• This is an individual contributor role, but may need to supervise those at an earlier career stage and 3rd party v Reports are produced security testing engagements
• Effectively report analysis and findings in the most accessible way (written reports, Jira, tickets, presentations etc)
• Maintain and develop security testing processes and related artefacts

#J-18808-Ljbffr…