Red Team Operator, Senior

Booz Allen Hamilton, Chantilly, VA
105d

About The Position

Red Team Operator, Senior

Key Role:

Work with a wide variety of clients, including Fortune 100 companies, to validate security controls and incident response through offensive security operations such as Red and Purple Teaming. Interface directly with client leadership and technical security staff to lead Red and Purple team engagements in a wide variety of scenarios ranging from phishing-based initial access to OT or ICS network perimeter and egress testing. Work with a team of 10+ seasoned security testing professionals to enhance existing services offerings and security testing capabilities and conduct hands-on technical testing focused on detection and response that necessitates continuously customized tooling to avoid AV, EDR, and other protection technologies. Conduct full exploitation and leveraging of access within multiple environments, including complex Active Directory and mixed Windows and *nix environments.

Develop comprehensive and accurate reports and presentations for both technical and executive audiences. Communicate findings and strategy effectively to client stakeholders, including technical staff, executive leadership, and legal counsel. Apply security testing and penetration testing techniques and mindset to a wide range of projects. Act as the primary interface and lead for small red teams of up to 3 additional testers and manage the delivery of staff assignments, as needed. Become part of a team of security enthusiasts that perform cutting-edge research and promote an environment of innovation and knowledge-sharing.

Due to the nature of work performed within this facility, U.S. citizenship is required.

Requirements

  • Experience using, administering, and troubleshooting software, including Linux and Ubuntu
  • Experience scripting and editing existing code and programming, including Perl, Python, Ruby, Bash, C, C++, C#, or Java
  • Experience developing, extending, or modifying exploits, shellcode, or exploit tools to evade common EDRs
  • Experience with security assessment tools, including Nessus, Acunetix, Metasploit, Burp Suite Pro, Cobalt Strike, Sliver, Havoc, or Covenant
  • Experience with Cloud environments and their major technologies, including IAM and Entra ID, EC2 and Compute, VPC and Networking, EBS and Storage, S3, or Lambda
  • Experience working in a Windows environment and with Active Directory
  • Knowledge of network vulnerability assessments, web application security testing, network penetration testing, red teaming, or security operations
  • Knowledge of open security testing standards and projects, including OWASP and ATT&CK
  • Ability to present technical findings to both technical and non-technical audiences
  • HS diploma or GED
  • U.S. citizenship is required

Nice To Haves

  • 5+ years of experience in offensive security testing such as web application security testing, network penetration testing, red teaming, or purple teaming
  • Experience working in a commercial or services environment
  • Experience with phishing and other social engineering tactics
  • Experience with assembly languages, including x86 or reverse engineering
  • Experience with hardware reverse engineering using JTAG or UART
  • Experience with Terraform or similar automation technologies
  • Experience with physical security assessments, including the use of Proxmark3 or similar proximity card spoofing or copying devices
  • Bachelor’s degree in Computer Engineering, CS, or a related field
  • Offensive Security Certification, including OSWP, OSCP, OSCE, OSWE, SANS, GAWN, GPEN, or GXPN Certification

Responsibilities

  • Validate security controls and incident response through offensive security operations such as Red and Purple Teaming
  • Interface directly with client leadership and technical security staff to lead Red and Purple team engagements
  • Enhance existing services offerings and security testing capabilities
  • Conduct hands-on technical testing focused on detection and response that necessitates continuously customized tooling to avoid AV, EDR, and other protection technologies
  • Conduct full exploitation and leveraging of access within multiple environments, including complex Active Directory and mixed Windows and *nix environments
  • Develop comprehensive and accurate reports and presentations for both technical and executive audiences
  • Communicate findings and strategy effectively to client stakeholders, including technical staff, executive leadership, and legal counsel
  • Apply security testing and penetration testing techniques and mindset to a wide range of projects
  • Act as the primary interface and lead for small red teams of up to 3 additional testers and manage the delivery of staff assignments, as needed
  • Perform cutting-edge research and promote an environment of innovation and knowledge-sharing

Benefits

  • health
  • life
  • disability
  • financial
  • retirement benefits
  • paid leave
  • professional development
  • tuition assistance
  • work-life programs
  • dependent care
  • recognition awards program