Senior Red Team Tester - Offensive Cyber Operations Team
A motivated Senior Red Team Tester is required to join the Penetration Testing Team within the Global Information Consultancy Team. The primary objective is to find underlying weaknesses and identify vulnerabilities that could be exploited by external or internal attackers. Their role involves conducting thorough assessments based on real-world scenarios, generating realistic vulnerabilities and complex multi-stage attacks.
The successful candidate will function as a senior cyber security professional for a wide range of technologies within the corporate network. They will work closely alongside the rest of the Penetration Testing team, business units, and other Cyber teams.
We are looking for a collaborative collaborator, with good technical knowledge in web application and infrastructure penetration testing, extensive vulnerability knowledge, and someone that can identify security risks and suggest improvements to prevent security incidents occurring. The successful candidate will contribute to and work as part of a global multi-disciplined security community with clear vision and direction, and top-down support across the business.
Responsibilities:
1. Red Team Assessments: To plan and execute complex assessments to identify vulnerabilities, weaknesses, and misconfigurations for technologies used within the network environment.
2. Purple Team Assessments: Collaborate with other cyber defense and IT teams to evaluate the effectiveness of detective controls in place.
3. Threat Profiling: Good working knowledge of threat actors and the tactics, techniques, and procedures (TTPs).
4. Penetration Testing: Performing controlled attacks on web applications, APIs, infrastructure, and simulating real-world hacking attempts to identify potential entry points for attackers.
5. Simulated Phishing Attacks: Work with the Security Education and Awareness team to produce phishing emails based on real-world scenarios with up-to-date threats in a controlled manner.
6. Security Analysis: Analyzing the results of red team assessments to assess the severity of identified vulnerabilities, their potential impact on the system and the business, and the likelihood of exploitation.
7. Reporting and Documentation: Preparing detailed reports that document the findings, including identified vulnerabilities, attack vectors, and recommendations for remediation.
8. Remediation Support: Collaborating with cyber teams, IT teams, developers, and system administrators to assist in the remediation of identified vulnerabilities.
9. Mentoring: Supporting colleagues in the Penetration Team in all aspects of the job, technical and procedural.
10. Stay Up to Date: Keeping abreast of the latest web application and infrastructure vulnerabilities, attack techniques, security tools, and industry best practices.
11. Ethical Approach: Conducting all testing and assessment activities within a legal and ethical framework.
12. Continuous Improvement: Engaging in professional development activities, such as attending conferences, participating in training programs, and obtaining relevant certifications.
The Requirements:
Holds relevant industry certification/s or equivalent like the following:
1. CEH – Certified Ethical Hacker
2. OSCP – Offensive Security Certified Professional
3. GRTP – GIAC Red Team Professional
4. GPEN – GIAC Penetration Tester
5. GWAPT – GIAC Web Application Penetration Tester
6. GDAT – GIAC Defending Advanced Threats
7. CRT - CREST Registered Penetration Tester
8. CCSAS – CREST Certified Simulated Attack Specialist
Practical experience gained through participation in bug bounty programs, capture-the-flag (CTF) competitions, and real-world projects can also be valuable in showcasing skills and expertise.
#J-18808-Ljbffr