Job Summary:
We are seeking an experienced and highly skilled Red Teamer with a strong focus on Application Security (AppSec), Cloud Infrastructure, Network Security and Exploit Creation. This role involves conducting sophisticated red team engagements, simulating advanced threat scenarios and testing the overall security posture of the organization. The ideal candidate will have a deep understanding of penetration testing tools and techniques, leverage emerging threat intelligence updates, possess strong technical expertise in multiple security domains and have the ability to collaborate effectively with Blue and Purple Teams to enhance our defense mechanisms.
WHAT YOU WILL BE DOING
- Red Team Engagements: Plan, design and execute advanced red team exercises focused on AppSec, infrastructure, network security and exploit development.
- Emulate sophisticated threat actors, simulating attacks that target critical business applications, infrastructure and networks.
- Conduct stealthy penetration testing, avoiding detection by security defenses while identifying vulnerabilities and weaknesses.
- Exploit Creation and Security Testing: Develop custom exploits and tools to bypass security controls and gain unauthorized access to sensitive systems.
- Test and evaluate the effectiveness of security measures by crafting and deploying sophisticated attack vectors.
- Utilize and customize security tools including Metasploit, Safebreach, Burp Suite, Nmap, Cobalt Strike, BloodHound and more.
- Collaboration with Blue and Purple Teams: Work closely with Blue and Purple Teams to enhance threat detection, incident response and overall security posture.
- Provide insights and recommendations for improving security controls based on findings from red team activities.
- Conduct internal testing and staging of red team tests to ensure readiness and effectiveness.
- Support threat modeling and risk assessments to identify and prioritize potential attack vectors.
- Contribute to the development and refinement of security frameworks and strategies, aligning with industry standards such as MITRE ATT&CK, NIST and ISO 27001.
WHAT YOU BRING
- Qualifications:
- Education: Bachelor’s degree in Computer Science, Information Security
- Relevant certifications (e.g., OSCP, OSCE, SANS GPEN, GXPN, GICSP, GWAPT, OSWE) are highly desirable.
- Deep understanding of various attack methodologies, threat landscapes, and adversarial tactics, techniques, and procedures (TTPs).
- Experience:
- 10+ years of experience in cybersecurity, with at least 7 years of experience in a Red Team or offensive security role.
- Proven experience in Application Security (AppSec), cloud infrastructure security, network security and exploit development.
- Experience with scripting and programming languages such as Python, PowerShell, or Bash.
- Familiarity with threat modeling, risk assessment methodologies and security frameworks such as MITRE ATT&CK, NIST and ISO 27001 is a plus
- Skills:
- Strong knowledge of penetration testing tools and techniques, including Metasploit, Burp Suite, Nmap, Cobalt Strike, BloodHound, Empire, PurpleSharp, AttackIQ, MITRE Caldera, Wireshark, Kali Linux, Vulnerability Management Tools, Rapid7, Tenable, Qualys and OWASP security scanners.
- Strong understanding of network protocols, operating systems (Windows, Linux) and cloud environments AWS & Azure.
- Experience with automation, scripting (Python, Go, Shell, Bash, JS etc.) for custom testing.
- In Depth knowledge of secure coding practices.
Saviynt is an amazing place to work. We are a high-growth, Platform as a Service company focused on Identity Authority to power and protect the world at work. You will experience tremendous growth and learning opportunities through challenging yet rewarding work that directly impacts our customers, all within a welcoming and positive work environment. If you're resilient and enjoy working in a dynamic environment you belong with us!
Saviynt is an equal opportunity employer, and we welcome everyone to our team. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.
•
Last updated on Sep 10, 2024