Request Technology - Craig Johnson
Chicago, Illinois
*We are unable to sponsor for this 6+ month contract role* Prestigious Financial Company is currently seeking a Red Team Security Test Consultant. Candidate will support the Security Red team responsible for supporting Red team to increase security posture against all threats. This individual will work with the Red team to plan, design and execute security red team related activities. The position will interact with Cyber Defense, Security Assurance and IT teams for the duration of the engagement. Members of the Red Team are expected to have exceptionally strong ethics, integrity and be accountable for their actions. The Red Team must have a healthy, competitive and bar-raising relationship with the individuals who monitor and deploy preventative and detective controls. The ideal candidate will have extensive experience in more than one of the following: Open Source Intelligence, Network Penetration Testing, Web Application Testing, Mobile Application and Device Testing, Command and Control (C2) Infrastructure Development, Cyber Defense Evasion techniques, and Social Engineering. Experience testing database Servers as well as expertise with custom Scripting and automation in at least one proficient language is required. This candidate must be driven, an excellent communicator, enthusiastic, a good mentor and have the desire to stay ahead of todays emerging threats and attack techniques. Responsibilities: Support in policy and procedure development, systems analysis, Information Assurance (IA) policy, vulnerability management, and risk management Conduct various Red Team activities such as: Intelligence Gathering, Network/Operating System/Application Penetration Testing, Web Application Penetration Testing, Mobile Application Testing, Social Engineering, Basic Emissions/Signals Testing, Physical Security Testing, Command and Control (C2) Infrastructure Development, Cyber Defense Evasion Stealth techniques, etc. Conduct ad-hoc white-box penetration testing work of infrastructure that is still currently in Development, or in need of pre-Production penetration testing Research and execute Cyber Defense Evasion techniques to help enhance Cyber Defense monitoring/alerting capabilities Build Command and Control (C2) infrastructure, and obfuscate the C2 network traffic and payloads to avoid detection by the Cyber Defense team Coordinate with IT owners to re-test and validate remediated Red Team findings Execute Open Source Intelligence Collection and Analysis Techniques (OSINT); leverage available resources and develop custom tools. Understand vulnerabilities and develop relevant exploits/payloads for use during Red Team activities. Perform security risk assessment, threat analysis and threat modelling. Perform independent reviews of security, network, and applications. Plan/Design/Execute security related activities and create artifacts. Stay on-time, on-budget, and within scope of testing activities. Develop clear detailed reports and recommendations based on concrete evidence. Debrief users and provide remediation strategy on findings. Ensure alignment of security controls in testing program and supporting services and related policies and procedures with applicable regulations and industry standard best practices. Assist management with the improvement of policies and procedures to support Security Testing and Red Team activities as well as other security duties which may arise. Participate in developing a security roadmap, adopt security best practices, and implement new ideas and innovations according to the industry trends. Adhere to the best practices and work for delivering secured and quality products. Consult with technical experts and system owners on all aspects of Information Security and Compliance. Work closely with Production Support staff, Incidence Response, and IT infrastructure to increase organizational security posture. Participate in Lessons Learned process to provide information to help improve practices, methodologies, tools, and other technologies. Stay current on emerging technology trends and the threat landscape. Advise IT on current and emerging threats, their attack vectors, and how to mitigate them. Qualifications : BS in Computer Science, Information Management, Information Security or other comparable technical degree from an accredited college/university desired. 3+ Years experience of Penetration testing 5+ Years experience in Information Assurance or Information Security environment. Strong proficiency in Network, Web Application, and Mobile Device security testing Demonstrated exploit, payload, and attack framework development experience Strong knowledge of EDR detection capabilities such as Crowdstrike/Carbon Black, etc. and associated defense evasion techniques for behavioral based alerting Strong proficiency in social engineering and intelligence gathering. Strong experience with custom Scripting (Python, Powershell, Bash, etc.) and process automation. Strong experience with database security testing (MSSQL, DB2, MySQL, etc.). Strong proficiency with common penetration testing tools (Kali, Armitage)
23/07/2024
Project-based
*We are unable to sponsor for this 6+ month contract role* Prestigious Financial Company is currently seeking a Red Team Security Test Consultant. Candidate will support the Security Red team responsible for supporting Red team to increase security posture against all threats. This individual will work with the Red team to plan, design and execute security red team related activities. The position will interact with Cyber Defense, Security Assurance and IT teams for the duration of the engagement. Members of the Red Team are expected to have exceptionally strong ethics, integrity and be accountable for their actions. The Red Team must have a healthy, competitive and bar-raising relationship with the individuals who monitor and deploy preventative and detective controls. The ideal candidate will have extensive experience in more than one of the following: Open Source Intelligence, Network Penetration Testing, Web Application Testing, Mobile Application and Device Testing, Command and Control (C2) Infrastructure Development, Cyber Defense Evasion techniques, and Social Engineering. Experience testing database Servers as well as expertise with custom Scripting and automation in at least one proficient language is required. This candidate must be driven, an excellent communicator, enthusiastic, a good mentor and have the desire to stay ahead of todays emerging threats and attack techniques. Responsibilities: Support in policy and procedure development, systems analysis, Information Assurance (IA) policy, vulnerability management, and risk management Conduct various Red Team activities such as: Intelligence Gathering, Network/Operating System/Application Penetration Testing, Web Application Penetration Testing, Mobile Application Testing, Social Engineering, Basic Emissions/Signals Testing, Physical Security Testing, Command and Control (C2) Infrastructure Development, Cyber Defense Evasion Stealth techniques, etc. Conduct ad-hoc white-box penetration testing work of infrastructure that is still currently in Development, or in need of pre-Production penetration testing Research and execute Cyber Defense Evasion techniques to help enhance Cyber Defense monitoring/alerting capabilities Build Command and Control (C2) infrastructure, and obfuscate the C2 network traffic and payloads to avoid detection by the Cyber Defense team Coordinate with IT owners to re-test and validate remediated Red Team findings Execute Open Source Intelligence Collection and Analysis Techniques (OSINT); leverage available resources and develop custom tools. Understand vulnerabilities and develop relevant exploits/payloads for use during Red Team activities. Perform security risk assessment, threat analysis and threat modelling. Perform independent reviews of security, network, and applications. Plan/Design/Execute security related activities and create artifacts. Stay on-time, on-budget, and within scope of testing activities. Develop clear detailed reports and recommendations based on concrete evidence. Debrief users and provide remediation strategy on findings. Ensure alignment of security controls in testing program and supporting services and related policies and procedures with applicable regulations and industry standard best practices. Assist management with the improvement of policies and procedures to support Security Testing and Red Team activities as well as other security duties which may arise. Participate in developing a security roadmap, adopt security best practices, and implement new ideas and innovations according to the industry trends. Adhere to the best practices and work for delivering secured and quality products. Consult with technical experts and system owners on all aspects of Information Security and Compliance. Work closely with Production Support staff, Incidence Response, and IT infrastructure to increase organizational security posture. Participate in Lessons Learned process to provide information to help improve practices, methodologies, tools, and other technologies. Stay current on emerging technology trends and the threat landscape. Advise IT on current and emerging threats, their attack vectors, and how to mitigate them. Qualifications : BS in Computer Science, Information Management, Information Security or other comparable technical degree from an accredited college/university desired. 3+ Years experience of Penetration testing 5+ Years experience in Information Assurance or Information Security environment. Strong proficiency in Network, Web Application, and Mobile Device security testing Demonstrated exploit, payload, and attack framework development experience Strong knowledge of EDR detection capabilities such as Crowdstrike/Carbon Black, etc. and associated defense evasion techniques for behavioral based alerting Strong proficiency in social engineering and intelligence gathering. Strong experience with custom Scripting (Python, Powershell, Bash, etc.) and process automation. Strong experience with database security testing (MSSQL, DB2, MySQL, etc.). Strong proficiency with common penetration testing tools (Kali, Armitage)
Request Technology - Craig Johnson
Chicago, Illinois
*Position is Bonus eligible* Prestigious Financial Company is currently seeking a Red Team Security Test Consultant. Candidate will support the Security Red team responsible for supporting Red team to increase security posture against all threats. This individual will work with the Red team to plan, design and execute security red team related activities. The position will interact with Cyber Defense, Security Assurance and IT teams for the duration of the engagement. Members of the Red Team are expected to have exceptionally strong ethics, integrity and be accountable for their actions. The Red Team must have a healthy, competitive and bar-raising relationship with the individuals who monitor and deploy preventative and detective controls. The ideal candidate will have extensive experience in more than one of the following: Open Source Intelligence, Network Penetration Testing, Web Application Testing, Mobile Application and Device Testing, Command and Control (C2) Infrastructure Development, Cyber Defense Evasion techniques, and Social Engineering. Experience testing database Servers as well as expertise with custom Scripting and automation in at least one proficient language is required. This candidate must be driven, an excellent communicator, enthusiastic, a good mentor and have the desire to stay ahead of todays emerging threats and attack techniques. Responsibilities: Support in policy and procedure development, systems analysis, Information Assurance (IA) policy, vulnerability management, and risk management Conduct various Red Team activities such as: Intelligence Gathering, Network/Operating System/Application Penetration Testing, Web Application Penetration Testing, Mobile Application Testing, Social Engineering, Basic Emissions/Signals Testing, Physical Security Testing, Command and Control (C2) Infrastructure Development, Cyber Defense Evasion Stealth techniques, etc. Conduct ad-hoc white-box penetration testing work of infrastructure that is still currently in Development, or in need of pre-Production penetration testing Research and execute Cyber Defense Evasion techniques to help enhance Cyber Defense monitoring/alerting capabilities Build Command and Control (C2) infrastructure, and obfuscate the C2 network traffic and payloads to avoid detection by the Cyber Defense team Coordinate with IT owners to re-test and validate remediated Red Team findings Execute Open Source Intelligence Collection and Analysis Techniques (OSINT); leverage available resources and develop custom tools. Understand vulnerabilities and develop relevant exploits/payloads for use during Red Team activities. Perform security risk assessment, threat analysis and threat modelling. Perform independent reviews of security, network, and applications. Plan/Design/Execute security related activities and create artifacts. Stay on-time, on-budget, and within scope of testing activities. Develop clear detailed reports and recommendations based on concrete evidence. Debrief users and provide remediation strategy on findings. Ensure alignment of security controls in testing program and supporting services and related policies and procedures with applicable regulations and industry standard best practices. Assist management with the improvement of policies and procedures to support Security Testing and Red Team activities as well as other security duties which may arise. Participate in developing a security roadmap, adopt security best practices, and implement new ideas and innovations according to the industry trends. Adhere to the best practices and work for delivering secured and quality products. Consult with technical experts and system owners on all aspects of Information Security and Compliance. Work closely with Production Support staff, Incidence Response, and IT infrastructure to increase organizational security posture. Participate in Lessons Learned process to provide information to help improve practices, methodologies, tools, and other technologies. Stay current on emerging technology trends and the threat landscape. Advise IT on current and emerging threats, their attack vectors, and how to mitigate them. Qualifications : BS in Computer Science, Information Management, Information Security or other comparable technical degree from an accredited college/university desired. 3+ Years experience of Penetration testing 5+ Years experience in Information Assurance or Information Security environment. Strong proficiency in Network, Web Application, and Mobile Device security testing Demonstrated exploit, payload, and attack framework development experience Strong knowledge of EDR detection capabilities such as Crowdstrike/Carbon Black, etc. and associated defense evasion techniques for behavioral based alerting Strong proficiency in social engineering and intelligence gathering. Strong experience with custom Scripting (Python, Powershell, Bash, etc.) and process automation. Strong experience with database security testing (MSSQL, DB2, MySQL, etc.). Strong proficiency with common penetration testing tools (Kali, Armitage)
23/07/2024
Full time
*Position is Bonus eligible* Prestigious Financial Company is currently seeking a Red Team Security Test Consultant. Candidate will support the Security Red team responsible for supporting Red team to increase security posture against all threats. This individual will work with the Red team to plan, design and execute security red team related activities. The position will interact with Cyber Defense, Security Assurance and IT teams for the duration of the engagement. Members of the Red Team are expected to have exceptionally strong ethics, integrity and be accountable for their actions. The Red Team must have a healthy, competitive and bar-raising relationship with the individuals who monitor and deploy preventative and detective controls. The ideal candidate will have extensive experience in more than one of the following: Open Source Intelligence, Network Penetration Testing, Web Application Testing, Mobile Application and Device Testing, Command and Control (C2) Infrastructure Development, Cyber Defense Evasion techniques, and Social Engineering. Experience testing database Servers as well as expertise with custom Scripting and automation in at least one proficient language is required. This candidate must be driven, an excellent communicator, enthusiastic, a good mentor and have the desire to stay ahead of todays emerging threats and attack techniques. Responsibilities: Support in policy and procedure development, systems analysis, Information Assurance (IA) policy, vulnerability management, and risk management Conduct various Red Team activities such as: Intelligence Gathering, Network/Operating System/Application Penetration Testing, Web Application Penetration Testing, Mobile Application Testing, Social Engineering, Basic Emissions/Signals Testing, Physical Security Testing, Command and Control (C2) Infrastructure Development, Cyber Defense Evasion Stealth techniques, etc. Conduct ad-hoc white-box penetration testing work of infrastructure that is still currently in Development, or in need of pre-Production penetration testing Research and execute Cyber Defense Evasion techniques to help enhance Cyber Defense monitoring/alerting capabilities Build Command and Control (C2) infrastructure, and obfuscate the C2 network traffic and payloads to avoid detection by the Cyber Defense team Coordinate with IT owners to re-test and validate remediated Red Team findings Execute Open Source Intelligence Collection and Analysis Techniques (OSINT); leverage available resources and develop custom tools. Understand vulnerabilities and develop relevant exploits/payloads for use during Red Team activities. Perform security risk assessment, threat analysis and threat modelling. Perform independent reviews of security, network, and applications. Plan/Design/Execute security related activities and create artifacts. Stay on-time, on-budget, and within scope of testing activities. Develop clear detailed reports and recommendations based on concrete evidence. Debrief users and provide remediation strategy on findings. Ensure alignment of security controls in testing program and supporting services and related policies and procedures with applicable regulations and industry standard best practices. Assist management with the improvement of policies and procedures to support Security Testing and Red Team activities as well as other security duties which may arise. Participate in developing a security roadmap, adopt security best practices, and implement new ideas and innovations according to the industry trends. Adhere to the best practices and work for delivering secured and quality products. Consult with technical experts and system owners on all aspects of Information Security and Compliance. Work closely with Production Support staff, Incidence Response, and IT infrastructure to increase organizational security posture. Participate in Lessons Learned process to provide information to help improve practices, methodologies, tools, and other technologies. Stay current on emerging technology trends and the threat landscape. Advise IT on current and emerging threats, their attack vectors, and how to mitigate them. Qualifications : BS in Computer Science, Information Management, Information Security or other comparable technical degree from an accredited college/university desired. 3+ Years experience of Penetration testing 5+ Years experience in Information Assurance or Information Security environment. Strong proficiency in Network, Web Application, and Mobile Device security testing Demonstrated exploit, payload, and attack framework development experience Strong knowledge of EDR detection capabilities such as Crowdstrike/Carbon Black, etc. and associated defense evasion techniques for behavioral based alerting Strong proficiency in social engineering and intelligence gathering. Strong experience with custom Scripting (Python, Powershell, Bash, etc.) and process automation. Strong experience with database security testing (MSSQL, DB2, MySQL, etc.). Strong proficiency with common penetration testing tools (Kali, Armitage)
*We are unable to sponsor for this 6+ month contract role* Prestigious Financial Company is currently seeking a Red Team Security Test Consultant. Candidate will support the Security Red team responsible for supporting Red team to increase security posture against all threats. This individual will work with the Red team to plan, design and execute security red team related activities. The position will interact with Cyber Defense, Security Assurance and IT teams for the duration of the engagement. Members of the Red Team are expected to have exceptionally strong ethics, integrity and be accountable for their actions. The Red Team must have a healthy, competitive and bar-raising relationship with the individuals who monitor and deploy preventative and detective controls. The ideal candidate will have extensive experience in more than one of the following: Open Source Intelligence, Network Penetration Testing, Web Application Testing, Mobile Application and Device Testing, Command and Control (C2) Infrastructure Development, Cyber Defense Evasion techniques, and Social Engineering. Experience testing database Servers as well as expertise with custom Scripting and automation in at least one proficient language is required. This candidate must be driven, an excellent communicator, enthusiastic, a good mentor and have the desire to stay ahead of todays emerging threats and attack techniques. Responsibilities: Support in policy and procedure development, systems analysis, Information Assurance (IA) policy, vulnerability management, and risk management Conduct various Red Team activities such as: Intelligence Gathering, Network/Operating System/Application Penetration Testing, Web Application Penetration Testing, Mobile Application Testing, Social Engineering, Basic Emissions/Signals Testing, Physical Security Testing, Command and Control (C2) Infrastructure Development, Cyber Defense Evasion Stealth techniques, etc. Conduct ad-hoc white-box penetration testing work of infrastructure that is still currently in Development, or in need of pre-Production penetration testing Research and execute Cyber Defense Evasion techniques to help enhance Cyber Defense monitoring/alerting capabilities Build Command and Control (C2) infrastructure, and obfuscate the C2 network traffic and payloads to avoid detection by the Cyber Defense team Coordinate with IT owners to re-test and validate remediated Red Team findings Execute Open Source Intelligence Collection and Analysis Techniques (OSINT); leverage available resources and develop custom tools. Understand vulnerabilities and develop relevant exploits/payloads for use during Red Team activities. Perform security risk assessment, threat analysis and threat modelling. Perform independent reviews of security, network, and applications. Plan/Design/Execute security related activities and create artifacts. Stay on-time, on-budget, and within scope of testing activities. Develop clear detailed reports and recommendations based on concrete evidence. Debrief users and provide remediation strategy on findings. Ensure alignment of security controls in testing program and supporting services and related policies and procedures with applicable regulations and industry standard best practices. Assist management with the improvement of policies and procedures to support Security Testing and Red Team activities as well as other security duties which may arise. Participate in developing a security roadmap, adopt security best practices, and implement new ideas and innovations according to the industry trends. Adhere to the best practices and work for delivering secured and quality products. Consult with technical experts and system owners on all aspects of Information Security and Compliance. Work closely with Production Support staff, Incidence Response, and IT infrastructure to increase organizational security posture. Participate in Lessons Learned process to provide information to help improve practices, methodologies, tools, and other technologies. Stay current on emerging technology trends and the threat landscape. Advise IT on current and emerging threats, their attack vectors, and how to mitigate them. Qualifications : BS in Computer Science, Information Management, Information Security or other comparable technical degree from an accredited college/university desired. 3+ Years experience of Penetration testing 5+ Years experience in Information Assurance or Information Security environment. Strong proficiency in Network, Web Application, and Mobile Device security testing Demonstrated exploit, payload, and attack framework development experience Strong knowledge of EDR detection capabilities such as Crowdstrike/Carbon Black, etc. and associated defense evasion techniques for behavioral based alerting Strong proficiency in social engineering and intelligence gathering. Strong experience with custom Scripting (Python, Powershell, Bash, etc.) and process automation. Strong experience with database security testing (MSSQL, DB2, MySQL, etc.). Strong proficiency with common penetration testing tools (Kali, Armitage)
23/07/2024
Project-based
*We are unable to sponsor for this 6+ month contract role* Prestigious Financial Company is currently seeking a Red Team Security Test Consultant. Candidate will support the Security Red team responsible for supporting Red team to increase security posture against all threats. This individual will work with the Red team to plan, design and execute security red team related activities. The position will interact with Cyber Defense, Security Assurance and IT teams for the duration of the engagement. Members of the Red Team are expected to have exceptionally strong ethics, integrity and be accountable for their actions. The Red Team must have a healthy, competitive and bar-raising relationship with the individuals who monitor and deploy preventative and detective controls. The ideal candidate will have extensive experience in more than one of the following: Open Source Intelligence, Network Penetration Testing, Web Application Testing, Mobile Application and Device Testing, Command and Control (C2) Infrastructure Development, Cyber Defense Evasion techniques, and Social Engineering. Experience testing database Servers as well as expertise with custom Scripting and automation in at least one proficient language is required. This candidate must be driven, an excellent communicator, enthusiastic, a good mentor and have the desire to stay ahead of todays emerging threats and attack techniques. Responsibilities: Support in policy and procedure development, systems analysis, Information Assurance (IA) policy, vulnerability management, and risk management Conduct various Red Team activities such as: Intelligence Gathering, Network/Operating System/Application Penetration Testing, Web Application Penetration Testing, Mobile Application Testing, Social Engineering, Basic Emissions/Signals Testing, Physical Security Testing, Command and Control (C2) Infrastructure Development, Cyber Defense Evasion Stealth techniques, etc. Conduct ad-hoc white-box penetration testing work of infrastructure that is still currently in Development, or in need of pre-Production penetration testing Research and execute Cyber Defense Evasion techniques to help enhance Cyber Defense monitoring/alerting capabilities Build Command and Control (C2) infrastructure, and obfuscate the C2 network traffic and payloads to avoid detection by the Cyber Defense team Coordinate with IT owners to re-test and validate remediated Red Team findings Execute Open Source Intelligence Collection and Analysis Techniques (OSINT); leverage available resources and develop custom tools. Understand vulnerabilities and develop relevant exploits/payloads for use during Red Team activities. Perform security risk assessment, threat analysis and threat modelling. Perform independent reviews of security, network, and applications. Plan/Design/Execute security related activities and create artifacts. Stay on-time, on-budget, and within scope of testing activities. Develop clear detailed reports and recommendations based on concrete evidence. Debrief users and provide remediation strategy on findings. Ensure alignment of security controls in testing program and supporting services and related policies and procedures with applicable regulations and industry standard best practices. Assist management with the improvement of policies and procedures to support Security Testing and Red Team activities as well as other security duties which may arise. Participate in developing a security roadmap, adopt security best practices, and implement new ideas and innovations according to the industry trends. Adhere to the best practices and work for delivering secured and quality products. Consult with technical experts and system owners on all aspects of Information Security and Compliance. Work closely with Production Support staff, Incidence Response, and IT infrastructure to increase organizational security posture. Participate in Lessons Learned process to provide information to help improve practices, methodologies, tools, and other technologies. Stay current on emerging technology trends and the threat landscape. Advise IT on current and emerging threats, their attack vectors, and how to mitigate them. Qualifications : BS in Computer Science, Information Management, Information Security or other comparable technical degree from an accredited college/university desired. 3+ Years experience of Penetration testing 5+ Years experience in Information Assurance or Information Security environment. Strong proficiency in Network, Web Application, and Mobile Device security testing Demonstrated exploit, payload, and attack framework development experience Strong knowledge of EDR detection capabilities such as Crowdstrike/Carbon Black, etc. and associated defense evasion techniques for behavioral based alerting Strong proficiency in social engineering and intelligence gathering. Strong experience with custom Scripting (Python, Powershell, Bash, etc.) and process automation. Strong experience with database security testing (MSSQL, DB2, MySQL, etc.). Strong proficiency with common penetration testing tools (Kali, Armitage)
*Position is Bonus eligible* Prestigious Financial Company is currently seeking a Red Team Security Test Consultant. Candidate will support the Security Red team responsible for supporting Red team to increase security posture against all threats. This individual will work with the Red team to plan, design and execute security red team related activities. The position will interact with Cyber Defense, Security Assurance and IT teams for the duration of the engagement. Members of the Red Team are expected to have exceptionally strong ethics, integrity and be accountable for their actions. The Red Team must have a healthy, competitive and bar-raising relationship with the individuals who monitor and deploy preventative and detective controls. The ideal candidate will have extensive experience in more than one of the following: Open Source Intelligence, Network Penetration Testing, Web Application Testing, Mobile Application and Device Testing, Command and Control (C2) Infrastructure Development, Cyber Defense Evasion techniques, and Social Engineering. Experience testing database Servers as well as expertise with custom Scripting and automation in at least one proficient language is required. This candidate must be driven, an excellent communicator, enthusiastic, a good mentor and have the desire to stay ahead of todays emerging threats and attack techniques. Responsibilities: Support in policy and procedure development, systems analysis, Information Assurance (IA) policy, vulnerability management, and risk management Conduct various Red Team activities such as: Intelligence Gathering, Network/Operating System/Application Penetration Testing, Web Application Penetration Testing, Mobile Application Testing, Social Engineering, Basic Emissions/Signals Testing, Physical Security Testing, Command and Control (C2) Infrastructure Development, Cyber Defense Evasion Stealth techniques, etc. Conduct ad-hoc white-box penetration testing work of infrastructure that is still currently in Development, or in need of pre-Production penetration testing Research and execute Cyber Defense Evasion techniques to help enhance Cyber Defense monitoring/alerting capabilities Build Command and Control (C2) infrastructure, and obfuscate the C2 network traffic and payloads to avoid detection by the Cyber Defense team Coordinate with IT owners to re-test and validate remediated Red Team findings Execute Open Source Intelligence Collection and Analysis Techniques (OSINT); leverage available resources and develop custom tools. Understand vulnerabilities and develop relevant exploits/payloads for use during Red Team activities. Perform security risk assessment, threat analysis and threat modelling. Perform independent reviews of security, network, and applications. Plan/Design/Execute security related activities and create artifacts. Stay on-time, on-budget, and within scope of testing activities. Develop clear detailed reports and recommendations based on concrete evidence. Debrief users and provide remediation strategy on findings. Ensure alignment of security controls in testing program and supporting services and related policies and procedures with applicable regulations and industry standard best practices. Assist management with the improvement of policies and procedures to support Security Testing and Red Team activities as well as other security duties which may arise. Participate in developing a security roadmap, adopt security best practices, and implement new ideas and innovations according to the industry trends. Adhere to the best practices and work for delivering secured and quality products. Consult with technical experts and system owners on all aspects of Information Security and Compliance. Work closely with Production Support staff, Incidence Response, and IT infrastructure to increase organizational security posture. Participate in Lessons Learned process to provide information to help improve practices, methodologies, tools, and other technologies. Stay current on emerging technology trends and the threat landscape. Advise IT on current and emerging threats, their attack vectors, and how to mitigate them. Qualifications : BS in Computer Science, Information Management, Information Security or other comparable technical degree from an accredited college/university desired. 3+ Years experience of Penetration testing 5+ Years experience in Information Assurance or Information Security environment. Strong proficiency in Network, Web Application, and Mobile Device security testing Demonstrated exploit, payload, and attack framework development experience Strong knowledge of EDR detection capabilities such as Crowdstrike/Carbon Black, etc. and associated defense evasion techniques for behavioral based alerting Strong proficiency in social engineering and intelligence gathering. Strong experience with custom Scripting (Python, Powershell, Bash, etc.) and process automation. Strong experience with database security testing (MSSQL, DB2, MySQL, etc.). Strong proficiency with common penetration testing tools (Kali, Armitage)
23/07/2024
Full time
*Position is Bonus eligible* Prestigious Financial Company is currently seeking a Red Team Security Test Consultant. Candidate will support the Security Red team responsible for supporting Red team to increase security posture against all threats. This individual will work with the Red team to plan, design and execute security red team related activities. The position will interact with Cyber Defense, Security Assurance and IT teams for the duration of the engagement. Members of the Red Team are expected to have exceptionally strong ethics, integrity and be accountable for their actions. The Red Team must have a healthy, competitive and bar-raising relationship with the individuals who monitor and deploy preventative and detective controls. The ideal candidate will have extensive experience in more than one of the following: Open Source Intelligence, Network Penetration Testing, Web Application Testing, Mobile Application and Device Testing, Command and Control (C2) Infrastructure Development, Cyber Defense Evasion techniques, and Social Engineering. Experience testing database Servers as well as expertise with custom Scripting and automation in at least one proficient language is required. This candidate must be driven, an excellent communicator, enthusiastic, a good mentor and have the desire to stay ahead of todays emerging threats and attack techniques. Responsibilities: Support in policy and procedure development, systems analysis, Information Assurance (IA) policy, vulnerability management, and risk management Conduct various Red Team activities such as: Intelligence Gathering, Network/Operating System/Application Penetration Testing, Web Application Penetration Testing, Mobile Application Testing, Social Engineering, Basic Emissions/Signals Testing, Physical Security Testing, Command and Control (C2) Infrastructure Development, Cyber Defense Evasion Stealth techniques, etc. Conduct ad-hoc white-box penetration testing work of infrastructure that is still currently in Development, or in need of pre-Production penetration testing Research and execute Cyber Defense Evasion techniques to help enhance Cyber Defense monitoring/alerting capabilities Build Command and Control (C2) infrastructure, and obfuscate the C2 network traffic and payloads to avoid detection by the Cyber Defense team Coordinate with IT owners to re-test and validate remediated Red Team findings Execute Open Source Intelligence Collection and Analysis Techniques (OSINT); leverage available resources and develop custom tools. Understand vulnerabilities and develop relevant exploits/payloads for use during Red Team activities. Perform security risk assessment, threat analysis and threat modelling. Perform independent reviews of security, network, and applications. Plan/Design/Execute security related activities and create artifacts. Stay on-time, on-budget, and within scope of testing activities. Develop clear detailed reports and recommendations based on concrete evidence. Debrief users and provide remediation strategy on findings. Ensure alignment of security controls in testing program and supporting services and related policies and procedures with applicable regulations and industry standard best practices. Assist management with the improvement of policies and procedures to support Security Testing and Red Team activities as well as other security duties which may arise. Participate in developing a security roadmap, adopt security best practices, and implement new ideas and innovations according to the industry trends. Adhere to the best practices and work for delivering secured and quality products. Consult with technical experts and system owners on all aspects of Information Security and Compliance. Work closely with Production Support staff, Incidence Response, and IT infrastructure to increase organizational security posture. Participate in Lessons Learned process to provide information to help improve practices, methodologies, tools, and other technologies. Stay current on emerging technology trends and the threat landscape. Advise IT on current and emerging threats, their attack vectors, and how to mitigate them. Qualifications : BS in Computer Science, Information Management, Information Security or other comparable technical degree from an accredited college/university desired. 3+ Years experience of Penetration testing 5+ Years experience in Information Assurance or Information Security environment. Strong proficiency in Network, Web Application, and Mobile Device security testing Demonstrated exploit, payload, and attack framework development experience Strong knowledge of EDR detection capabilities such as Crowdstrike/Carbon Black, etc. and associated defense evasion techniques for behavioral based alerting Strong proficiency in social engineering and intelligence gathering. Strong experience with custom Scripting (Python, Powershell, Bash, etc.) and process automation. Strong experience with database security testing (MSSQL, DB2, MySQL, etc.). Strong proficiency with common penetration testing tools (Kali, Armitage)
Mission Context: Do you want to shape the future of banking today? At BNP Paribas Fortis, the leading bank in the country, our team transforms challenges into opportunities, providing clients with innovative solutions tailored to their needs. Our Centre of Expertise (COE) Security department supports IT and Business in making informed information security risk decisions and implementing a robust information security management system. The purpose of the Cyber Defense team is to prepare for and respond to unauthorized cyber activities by providing the following services: - Proactive Services: Support and intelligence to prepare and secure bank systems against cyber-attacks, ensuring the collection, assessment, and sharing of threat information. - Reactive Services: Activated by a request, incident, or event identified by an intrusion detection system or reported by humans. To support these services, BNP Paribas Fortis is seeking a Security Logging & Monitoring Specialist. Role Overview: Your Future Role: The Security Logging & Monitoring Specialist represents various stakeholders and the internal client's voice, identifying their expectations, preferences, and aversions, and translating these into business requirements. The Specialist ensures the engineering team thoroughly understands the products and monitors progress. The role includes defining stories, prioritizing the backlog, and organizing the execution of operational priorities while maintaining the conceptual and technical integrity of features/user stories. The Specialist also plays a significant role in quality assurance and is empowered to judge the finalization of stories. Key Responsibilities: - Translate the Cyber Defense vision and strategy into a target operating model and processes for Security Logging & Monitoring capabilities. - Effectively communicate the target operating model and processes to key stakeholders and Cyber Defense team members. - Incorporate stakeholder input into the product roadmap and negotiate priorities based on value to BNP Paribas Fortis. - Collaborate daily with stakeholders and IT teams to clarify requirements, remove roadblocks, and ensure alignment around Security Logging & Monitoring capabilities. - Ensure delivery of the Security Logging & Monitoring yearly roadmap by partnering with delivery teams, removing barriers, and resolving issues quickly and efficiently. - Set quality standards for delivery, develop test plans, monitor user story acceptance criteria, review deliverables, provide feedback, and improve team processes. - Lead problem resolution to ensure prompt and efficient service. - Manage Security Logging & Monitoring key performance indicators (KPIs). Applicative Security Logging & Monitoring: - Understand banking applications (API, Payments) and their business context. - Translate a complex applicative ecosystem, distributed across many layers and devices, into effective detection conditions (events, log sources, detection logic). - Improve and maintain the applicative use case creation and maintenance methodology, considering the relationships among all actors involved locally and in the BNPP Group. Language Requirements: - Dutch: Good spoken (preferable) - French: Good spoken (mandatory) - English: Fluent spoken & written (mandatory) Education: Bachelor's or Master's degree or equivalent by experience. Technical Experience (Mandatory): - At least 5 years of experience in information security, preferably 7 years. - Strong knowledge of IT security technology and processes (secure networking, web infrastructure, system security, SOC tooling, etc.). - Experience building SOC-related frameworks: target operating models, roles, processes. - Experience with processes in a SOC or CSIRT environment. - Experience setting best practices and quality controls over SOC processes. - Knowledge of the applicative security ecosystem. Preferable: - Knowledge of the architecture of banking applications. - Knowledge of log aggregation, SIEM solutions, and Digital Analytics Platforms such as Splunk, ArcSight, ELK, etc. - Knowledge of Web Application Security Development (OWASP).
23/07/2024
Project-based
Mission Context: Do you want to shape the future of banking today? At BNP Paribas Fortis, the leading bank in the country, our team transforms challenges into opportunities, providing clients with innovative solutions tailored to their needs. Our Centre of Expertise (COE) Security department supports IT and Business in making informed information security risk decisions and implementing a robust information security management system. The purpose of the Cyber Defense team is to prepare for and respond to unauthorized cyber activities by providing the following services: - Proactive Services: Support and intelligence to prepare and secure bank systems against cyber-attacks, ensuring the collection, assessment, and sharing of threat information. - Reactive Services: Activated by a request, incident, or event identified by an intrusion detection system or reported by humans. To support these services, BNP Paribas Fortis is seeking a Security Logging & Monitoring Specialist. Role Overview: Your Future Role: The Security Logging & Monitoring Specialist represents various stakeholders and the internal client's voice, identifying their expectations, preferences, and aversions, and translating these into business requirements. The Specialist ensures the engineering team thoroughly understands the products and monitors progress. The role includes defining stories, prioritizing the backlog, and organizing the execution of operational priorities while maintaining the conceptual and technical integrity of features/user stories. The Specialist also plays a significant role in quality assurance and is empowered to judge the finalization of stories. Key Responsibilities: - Translate the Cyber Defense vision and strategy into a target operating model and processes for Security Logging & Monitoring capabilities. - Effectively communicate the target operating model and processes to key stakeholders and Cyber Defense team members. - Incorporate stakeholder input into the product roadmap and negotiate priorities based on value to BNP Paribas Fortis. - Collaborate daily with stakeholders and IT teams to clarify requirements, remove roadblocks, and ensure alignment around Security Logging & Monitoring capabilities. - Ensure delivery of the Security Logging & Monitoring yearly roadmap by partnering with delivery teams, removing barriers, and resolving issues quickly and efficiently. - Set quality standards for delivery, develop test plans, monitor user story acceptance criteria, review deliverables, provide feedback, and improve team processes. - Lead problem resolution to ensure prompt and efficient service. - Manage Security Logging & Monitoring key performance indicators (KPIs). Applicative Security Logging & Monitoring: - Understand banking applications (API, Payments) and their business context. - Translate a complex applicative ecosystem, distributed across many layers and devices, into effective detection conditions (events, log sources, detection logic). - Improve and maintain the applicative use case creation and maintenance methodology, considering the relationships among all actors involved locally and in the BNPP Group. Language Requirements: - Dutch: Good spoken (preferable) - French: Good spoken (mandatory) - English: Fluent spoken & written (mandatory) Education: Bachelor's or Master's degree or equivalent by experience. Technical Experience (Mandatory): - At least 5 years of experience in information security, preferably 7 years. - Strong knowledge of IT security technology and processes (secure networking, web infrastructure, system security, SOC tooling, etc.). - Experience building SOC-related frameworks: target operating models, roles, processes. - Experience with processes in a SOC or CSIRT environment. - Experience setting best practices and quality controls over SOC processes. - Knowledge of the applicative security ecosystem. Preferable: - Knowledge of the architecture of banking applications. - Knowledge of log aggregation, SIEM solutions, and Digital Analytics Platforms such as Splunk, ArcSight, ELK, etc. - Knowledge of Web Application Security Development (OWASP).
Red Teamer Salary: Starting at $150k plus bonus Hybrid Location: Chicago, IL/Dallas, TX Remote Locations: IL, TX, FL, GA, MA, MD, MN, NC, NJ, NY, DC, WI *This role is not open to C2C, Contract, or Contract to Hire* Qualifications Bachelor's degree 3+ Years' experience in a Red Teamer role 5+ Years' experience in Information Assurance or Information Security environment. Strong proficiency in Network, Web Application, and Mobile Device security testing Demonstrated exploit, payload, and attack framework development experience Strong knowledge of EDR detection capabilities such as CrowdStrike/Carbon Black, etc. and associated defense evasion techniques for behavioral based alerting Strong proficiency in social engineering and intelligence gathering. Strong experience with custom Scripting (Python, PowerShell, Bash, etc.) and process automation. Strong experience with database security testing (MSSQL, DB2, MySQL, etc.). Strong proficiency with common penetration testing tools Responsibilities Conduct various Red Team activities such as: Intelligence Gathering, Network/Operating System/Application Penetration Testing, Web Application Penetration Testing, Mobile Application Testing, Social Engineering, Basic Emissions/Signals Testing, Physical Security Testing, Command and Control (C2) Infrastructure Development, Cyber Defense Evasion Stealth techniques, etc. Conduct ad-hoc white-box penetration testing work of company infrastructure that is still currently in Development, or in need of pre-Production penetration testing Research and execute Cyber Defense Evasion techniques to help enhance Cyber Defense monitoring/alerting capabilities Build Command and Control (C2) infrastructure, and obfuscate the C2 network traffic and payloads to avoid detection by the Cyber Defense team
23/07/2024
Full time
Red Teamer Salary: Starting at $150k plus bonus Hybrid Location: Chicago, IL/Dallas, TX Remote Locations: IL, TX, FL, GA, MA, MD, MN, NC, NJ, NY, DC, WI *This role is not open to C2C, Contract, or Contract to Hire* Qualifications Bachelor's degree 3+ Years' experience in a Red Teamer role 5+ Years' experience in Information Assurance or Information Security environment. Strong proficiency in Network, Web Application, and Mobile Device security testing Demonstrated exploit, payload, and attack framework development experience Strong knowledge of EDR detection capabilities such as CrowdStrike/Carbon Black, etc. and associated defense evasion techniques for behavioral based alerting Strong proficiency in social engineering and intelligence gathering. Strong experience with custom Scripting (Python, PowerShell, Bash, etc.) and process automation. Strong experience with database security testing (MSSQL, DB2, MySQL, etc.). Strong proficiency with common penetration testing tools Responsibilities Conduct various Red Team activities such as: Intelligence Gathering, Network/Operating System/Application Penetration Testing, Web Application Penetration Testing, Mobile Application Testing, Social Engineering, Basic Emissions/Signals Testing, Physical Security Testing, Command and Control (C2) Infrastructure Development, Cyber Defense Evasion Stealth techniques, etc. Conduct ad-hoc white-box penetration testing work of company infrastructure that is still currently in Development, or in need of pre-Production penetration testing Research and execute Cyber Defense Evasion techniques to help enhance Cyber Defense monitoring/alerting capabilities Build Command and Control (C2) infrastructure, and obfuscate the C2 network traffic and payloads to avoid detection by the Cyber Defense team
Red Teamer Salary: Starting at $150k plus bonus Hybrid Location: Chicago, IL/Dallas, TX Remote Locations: IL, TX, FL, GA, MA, MD, MN, NC, NJ, NY, DC, WI *This role is not open to C2C, Contract, or Contract to Hire* Qualifications Bachelor's degree 3+ Years' experience in a Red Teamer role 5+ Years' experience in Information Assurance or Information Security environment. Strong proficiency in Network, Web Application, and Mobile Device security testing Demonstrated exploit, payload, and attack framework development experience Strong knowledge of EDR detection capabilities such as CrowdStrike/Carbon Black, etc. and associated defense evasion techniques for behavioral based alerting Strong proficiency in social engineering and intelligence gathering. Strong experience with custom Scripting (Python, PowerShell, Bash, etc.) and process automation. Strong experience with database security testing (MSSQL, DB2, MySQL, etc.). Strong proficiency with common penetration testing tools Responsibilities Conduct various Red Team activities such as: Intelligence Gathering, Network/Operating System/Application Penetration Testing, Web Application Penetration Testing, Mobile Application Testing, Social Engineering, Basic Emissions/Signals Testing, Physical Security Testing, Command and Control (C2) Infrastructure Development, Cyber Defense Evasion Stealth techniques, etc. Conduct ad-hoc white-box penetration testing work of company infrastructure that is still currently in Development, or in need of pre-Production penetration testing Research and execute Cyber Defense Evasion techniques to help enhance Cyber Defense monitoring/alerting capabilities Build Command and Control (C2) infrastructure, and obfuscate the C2 network traffic and payloads to avoid detection by the Cyber Defense team
23/07/2024
Full time
Red Teamer Salary: Starting at $150k plus bonus Hybrid Location: Chicago, IL/Dallas, TX Remote Locations: IL, TX, FL, GA, MA, MD, MN, NC, NJ, NY, DC, WI *This role is not open to C2C, Contract, or Contract to Hire* Qualifications Bachelor's degree 3+ Years' experience in a Red Teamer role 5+ Years' experience in Information Assurance or Information Security environment. Strong proficiency in Network, Web Application, and Mobile Device security testing Demonstrated exploit, payload, and attack framework development experience Strong knowledge of EDR detection capabilities such as CrowdStrike/Carbon Black, etc. and associated defense evasion techniques for behavioral based alerting Strong proficiency in social engineering and intelligence gathering. Strong experience with custom Scripting (Python, PowerShell, Bash, etc.) and process automation. Strong experience with database security testing (MSSQL, DB2, MySQL, etc.). Strong proficiency with common penetration testing tools Responsibilities Conduct various Red Team activities such as: Intelligence Gathering, Network/Operating System/Application Penetration Testing, Web Application Penetration Testing, Mobile Application Testing, Social Engineering, Basic Emissions/Signals Testing, Physical Security Testing, Command and Control (C2) Infrastructure Development, Cyber Defense Evasion Stealth techniques, etc. Conduct ad-hoc white-box penetration testing work of company infrastructure that is still currently in Development, or in need of pre-Production penetration testing Research and execute Cyber Defense Evasion techniques to help enhance Cyber Defense monitoring/alerting capabilities Build Command and Control (C2) infrastructure, and obfuscate the C2 network traffic and payloads to avoid detection by the Cyber Defense team
Contract - Red Team Penetration Tester Rate: Open Location: Remote in the following states: IL, TX, FL, GA, MA, MD, MN, NC, NJ, NY, WI, DC Qualifications Bachelor's degree 8+ Years' experience of Penetration testing 10+ Years' experience in Information Assurance or Information Security environment. Strong proficiency in Network, Web Application, and Mobile Device security testing Demonstrated exploit, payload, and attack framework development experience Strong knowledge of EDR detection capabilities such as CrowdStrike/Carbon Black, etc. and associated defense evasion techniques for behavioral based alerting Strong proficiency in social engineering and intelligence gathering. Strong experience with custom Scripting (Python, PowerShell, Bash, etc.) and process automation. Strong experience with database security testing (MSSQL, DB2, MySQL, etc.). Strong proficiency with common penetration testing tools Responsibilities Conduct various Red Team activities such as: Intelligence Gathering, Network/Operating System/Application Penetration Testing, Web Application Penetration Testing, Mobile Application Testing, Social Engineering, Basic Emissions/Signals Testing, Physical Security Testing, Command and Control (C2) Infrastructure Development, Cyber Defense Evasion Stealth techniques, etc. Conduct ad-hoc white-box penetration testing work of company infrastructure that is still currently in Development, or in need of pre-Production penetration testing Research and execute Cyber Defense Evasion techniques to help enhance Cyber Defense monitoring/alerting capabilities Build Command and Control (C2) infrastructure, and obfuscate the C2 network traffic and payloads to avoid detection by the Cyber Defense team
23/07/2024
Project-based
Contract - Red Team Penetration Tester Rate: Open Location: Remote in the following states: IL, TX, FL, GA, MA, MD, MN, NC, NJ, NY, WI, DC Qualifications Bachelor's degree 8+ Years' experience of Penetration testing 10+ Years' experience in Information Assurance or Information Security environment. Strong proficiency in Network, Web Application, and Mobile Device security testing Demonstrated exploit, payload, and attack framework development experience Strong knowledge of EDR detection capabilities such as CrowdStrike/Carbon Black, etc. and associated defense evasion techniques for behavioral based alerting Strong proficiency in social engineering and intelligence gathering. Strong experience with custom Scripting (Python, PowerShell, Bash, etc.) and process automation. Strong experience with database security testing (MSSQL, DB2, MySQL, etc.). Strong proficiency with common penetration testing tools Responsibilities Conduct various Red Team activities such as: Intelligence Gathering, Network/Operating System/Application Penetration Testing, Web Application Penetration Testing, Mobile Application Testing, Social Engineering, Basic Emissions/Signals Testing, Physical Security Testing, Command and Control (C2) Infrastructure Development, Cyber Defense Evasion Stealth techniques, etc. Conduct ad-hoc white-box penetration testing work of company infrastructure that is still currently in Development, or in need of pre-Production penetration testing Research and execute Cyber Defense Evasion techniques to help enhance Cyber Defense monitoring/alerting capabilities Build Command and Control (C2) infrastructure, and obfuscate the C2 network traffic and payloads to avoid detection by the Cyber Defense team
Red Teamer Salary: Starting at $150k plus bonus Location: Chicago, IL/Dallas, TX/Remote *This role is not open to C2C, Contract, or Contract to Hire* Qualifications Bachelor's degree 3+ Years' experience in a Red Teamer role 5+ Years' experience in Information Assurance or Information Security environment. Strong proficiency in Network, Web Application, and Mobile Device security testing Demonstrated exploit, payload, and attack framework development experience Strong knowledge of EDR detection capabilities such as CrowdStrike/Carbon Black, etc. and associated defense evasion techniques for behavioral based alerting Strong proficiency in social engineering and intelligence gathering. Strong experience with custom Scripting (Python, PowerShell, Bash, etc.) and process automation. Strong experience with database security testing (MSSQL, DB2, MySQL, etc.). Strong proficiency with common penetration testing tools Responsibilities Conduct various Red Team activities such as: Intelligence Gathering, Network/Operating System/Application Penetration Testing, Web Application Penetration Testing, Mobile Application Testing, Social Engineering, Basic Emissions/Signals Testing, Physical Security Testing, Command and Control (C2) Infrastructure Development, Cyber Defense Evasion Stealth techniques, etc. Conduct ad-hoc white-box penetration testing work of company infrastructure that is still currently in Development, or in need of pre-Production penetration testing Research and execute Cyber Defense Evasion techniques to help enhance Cyber Defense monitoring/alerting capabilities Build Command and Control (C2) infrastructure, and obfuscate the C2 network traffic and payloads to avoid detection by the Cyber Defense team
23/07/2024
Full time
Red Teamer Salary: Starting at $150k plus bonus Location: Chicago, IL/Dallas, TX/Remote *This role is not open to C2C, Contract, or Contract to Hire* Qualifications Bachelor's degree 3+ Years' experience in a Red Teamer role 5+ Years' experience in Information Assurance or Information Security environment. Strong proficiency in Network, Web Application, and Mobile Device security testing Demonstrated exploit, payload, and attack framework development experience Strong knowledge of EDR detection capabilities such as CrowdStrike/Carbon Black, etc. and associated defense evasion techniques for behavioral based alerting Strong proficiency in social engineering and intelligence gathering. Strong experience with custom Scripting (Python, PowerShell, Bash, etc.) and process automation. Strong experience with database security testing (MSSQL, DB2, MySQL, etc.). Strong proficiency with common penetration testing tools Responsibilities Conduct various Red Team activities such as: Intelligence Gathering, Network/Operating System/Application Penetration Testing, Web Application Penetration Testing, Mobile Application Testing, Social Engineering, Basic Emissions/Signals Testing, Physical Security Testing, Command and Control (C2) Infrastructure Development, Cyber Defense Evasion Stealth techniques, etc. Conduct ad-hoc white-box penetration testing work of company infrastructure that is still currently in Development, or in need of pre-Production penetration testing Research and execute Cyber Defense Evasion techniques to help enhance Cyber Defense monitoring/alerting capabilities Build Command and Control (C2) infrastructure, and obfuscate the C2 network traffic and payloads to avoid detection by the Cyber Defense team
Red Teamer Salary: Starting at $150k plus bonus Hybrid Location: Chicago, IL/Dallas, TX Remote Locations: IL, TX, FL, GA, MA, MD, MN, NC, NJ, NY, DC, WI *This role is not open to C2C, Contract, or Contract to Hire* Qualifications Bachelor's degree 3+ Years' experience in a Red Teamer role 5+ Years' experience in Information Assurance or Information Security environment. Strong proficiency in Network, Web Application, and Mobile Device security testing Demonstrated exploit, payload, and attack framework development experience Strong knowledge of EDR detection capabilities such as CrowdStrike/Carbon Black, etc. and associated defense evasion techniques for behavioral based alerting Strong proficiency in social engineering and intelligence gathering. Strong experience with custom Scripting (Python, PowerShell, Bash, etc.) and process automation. Strong experience with database security testing (MSSQL, DB2, MySQL, etc.). Strong proficiency with common penetration testing tools Responsibilities Conduct various Red Team activities such as: Intelligence Gathering, Network/Operating System/Application Penetration Testing, Web Application Penetration Testing, Mobile Application Testing, Social Engineering, Basic Emissions/Signals Testing, Physical Security Testing, Command and Control (C2) Infrastructure Development, Cyber Defense Evasion Stealth techniques, etc. Conduct ad-hoc white-box penetration testing work of company infrastructure that is still currently in Development, or in need of pre-Production penetration testing Research and execute Cyber Defense Evasion techniques to help enhance Cyber Defense monitoring/alerting capabilities Build Command and Control (C2) infrastructure, and obfuscate the C2 network traffic and payloads to avoid detection by the Cyber Defense team
23/07/2024
Full time
Red Teamer Salary: Starting at $150k plus bonus Hybrid Location: Chicago, IL/Dallas, TX Remote Locations: IL, TX, FL, GA, MA, MD, MN, NC, NJ, NY, DC, WI *This role is not open to C2C, Contract, or Contract to Hire* Qualifications Bachelor's degree 3+ Years' experience in a Red Teamer role 5+ Years' experience in Information Assurance or Information Security environment. Strong proficiency in Network, Web Application, and Mobile Device security testing Demonstrated exploit, payload, and attack framework development experience Strong knowledge of EDR detection capabilities such as CrowdStrike/Carbon Black, etc. and associated defense evasion techniques for behavioral based alerting Strong proficiency in social engineering and intelligence gathering. Strong experience with custom Scripting (Python, PowerShell, Bash, etc.) and process automation. Strong experience with database security testing (MSSQL, DB2, MySQL, etc.). Strong proficiency with common penetration testing tools Responsibilities Conduct various Red Team activities such as: Intelligence Gathering, Network/Operating System/Application Penetration Testing, Web Application Penetration Testing, Mobile Application Testing, Social Engineering, Basic Emissions/Signals Testing, Physical Security Testing, Command and Control (C2) Infrastructure Development, Cyber Defense Evasion Stealth techniques, etc. Conduct ad-hoc white-box penetration testing work of company infrastructure that is still currently in Development, or in need of pre-Production penetration testing Research and execute Cyber Defense Evasion techniques to help enhance Cyber Defense monitoring/alerting capabilities Build Command and Control (C2) infrastructure, and obfuscate the C2 network traffic and payloads to avoid detection by the Cyber Defense team
*Remote if in: IL, TX, FL, GA, MA, MD, MN, NC, NJ, NY, DC, WI or in office Chicago, IL/Dallas, TX* A prestigious company is looking for a Red Teamer Hacker. This company needs a hardcore, hands-on hacker who can hack into anything enterprise wide. This hacker will need experience with C2 (Command & Control Infrastructure) and be able to hack networks, infrastructure, devices, database, etc. They will need black, gray, and White Box experience. Qualifications: BS in Computer Science, Information Management, Information Security or other comparable technical degree from an accredited college/university desired. 3+ Years experience of Penetration testing 5+ Years experience in Information Assurance or Information Security environment. Strong proficiency in Network, Web Application, and Mobile Device security testing Demonstrated exploit, payload, and attack framework development experience Strong knowledge of EDR detection capabilities such as Crowdstrike/Carbon Black, etc. and associated defense evasion techniques for behavioral based alerting Strong proficiency in social engineering and intelligence gathering. Strong experience with custom Scripting (Python, Powershell, Bash, etc.) and process automation. Strong experience with database security testing (MSSQL, DB2, MySQL, etc.). Strong proficiency with common penetration testing tools (Kali, Armitage, Conduct various Red Team activities such as: Intelligence Gathering, Network/Operating System/Application Penetration Testing, Web Application Penetration Testing, Mobile Application Testing, Social Engineering, Basic Emissions/Signals Testing, Physical Security Testing, Command and Control (C2) Infrastructure Development, Cyber Defense Evasion Stealth techniques, etc. Conduct ad-hoc white-box penetration testing work of company infrastructure that is still currently in Development, or in need of pre-Production penetration testing Research and execute Cyber Defense Evasion techniques to help enhance Cyber Defense monitoring/alerting capabilities Build Command and Control (C2) infrastructure, and obfuscate the C2 network traffic and payloads to avoid detection by the Cyber Defense team Coordinate with IT owners to re-test and validate remediated Red Team findings Execute Open Source Intelligence Collection and Analysis Techniques (OSINT); leverage available resources and develop custom tools. Understand vulnerabilities and develop relevant exploits/payloads for use during Red Team activities. Perform security risk assessment, threat analysis and threat modelling. Assist management with the improvement of policies and procedures to support Security Testing and Red Team activities as well as other security duties which may arise.
23/07/2024
Project-based
*Remote if in: IL, TX, FL, GA, MA, MD, MN, NC, NJ, NY, DC, WI or in office Chicago, IL/Dallas, TX* A prestigious company is looking for a Red Teamer Hacker. This company needs a hardcore, hands-on hacker who can hack into anything enterprise wide. This hacker will need experience with C2 (Command & Control Infrastructure) and be able to hack networks, infrastructure, devices, database, etc. They will need black, gray, and White Box experience. Qualifications: BS in Computer Science, Information Management, Information Security or other comparable technical degree from an accredited college/university desired. 3+ Years experience of Penetration testing 5+ Years experience in Information Assurance or Information Security environment. Strong proficiency in Network, Web Application, and Mobile Device security testing Demonstrated exploit, payload, and attack framework development experience Strong knowledge of EDR detection capabilities such as Crowdstrike/Carbon Black, etc. and associated defense evasion techniques for behavioral based alerting Strong proficiency in social engineering and intelligence gathering. Strong experience with custom Scripting (Python, Powershell, Bash, etc.) and process automation. Strong experience with database security testing (MSSQL, DB2, MySQL, etc.). Strong proficiency with common penetration testing tools (Kali, Armitage, Conduct various Red Team activities such as: Intelligence Gathering, Network/Operating System/Application Penetration Testing, Web Application Penetration Testing, Mobile Application Testing, Social Engineering, Basic Emissions/Signals Testing, Physical Security Testing, Command and Control (C2) Infrastructure Development, Cyber Defense Evasion Stealth techniques, etc. Conduct ad-hoc white-box penetration testing work of company infrastructure that is still currently in Development, or in need of pre-Production penetration testing Research and execute Cyber Defense Evasion techniques to help enhance Cyber Defense monitoring/alerting capabilities Build Command and Control (C2) infrastructure, and obfuscate the C2 network traffic and payloads to avoid detection by the Cyber Defense team Coordinate with IT owners to re-test and validate remediated Red Team findings Execute Open Source Intelligence Collection and Analysis Techniques (OSINT); leverage available resources and develop custom tools. Understand vulnerabilities and develop relevant exploits/payloads for use during Red Team activities. Perform security risk assessment, threat analysis and threat modelling. Assist management with the improvement of policies and procedures to support Security Testing and Red Team activities as well as other security duties which may arise.
*Remote if in: IL, TX, FL, GA, MA, MD, MN, NC, NJ, NY, DC, WI or in office Chicago, IL/Dallas, TX* A prestigious company is looking for an Associate Principal, Red Team Tester. This tester will plan, design, and execute security red teaming. These Red team activities include Intelligence Gathering, Network/Operating System/Application Penetration Testing, Web Application Penetration Testing, Mobile Application Testing, Social Engineering, Basic Emissions/Signals Testing, Physical Security Testing, Command and Control (C2) Infrastructure Development, Cyber Defense Evasion Stealth techniques, etc. Qualifications: BS in Computer Science, Information Management, Information Security or other comparable technical degree from an accredited college/university desired. 3+ Years' experience of Penetration testing 5+ Years' experience in Information Assurance or Information Security environment. Strong proficiency in Network, Web Application, and Mobile Device security testing Demonstrated exploit, payload, and attack framework development experience Strong knowledge of EDR detection capabilities such as Crowdstrike/Carbon Black, etc. and associated defense evasion techniques for behavioral based alerting Strong proficiency in social engineering and intelligence gathering. Strong experience with custom Scripting (Python, Powershell, Bash, etc.) and process automation. Strong experience with database security testing (MSSQL, DB2, MySQL, etc.). Strong proficiency with common penetration testing tools (Kali, Armitage, Conduct various Red Team activities such as: Intelligence Gathering, Network/Operating System/Application Penetration Testing, Web Application Penetration Testing, Mobile Application Testing, Social Engineering, Basic Emissions/Signals Testing, Physical Security Testing, Command and Control (C2) Infrastructure Development, Cyber Defense Evasion Stealth techniques, etc. Conduct ad-hoc white-box penetration testing work of company infrastructure that is still currently in Development, or in need of pre-Production penetration testing Research and execute Cyber Defense Evasion techniques to help enhance Cyber Defense monitoring/alerting capabilities Build Command and Control (C2) infrastructure, and obfuscate the C2 network traffic and payloads to avoid detection by the Cyber Defense team Coordinate with IT owners to re-test and validate remediated Red Team findings Execute Open Source Intelligence Collection and Analysis Techniques (OSINT); leverage available resources and develop custom tools. Understand vulnerabilities and develop relevant exploits/payloads for use during Red Team activities. Perform security risk assessment, threat analysis and threat modelling. Assist management with the improvement of policies and procedures to support Security Testing and Red Team activities as well as other security duties which may arise.
23/07/2024
Full time
*Remote if in: IL, TX, FL, GA, MA, MD, MN, NC, NJ, NY, DC, WI or in office Chicago, IL/Dallas, TX* A prestigious company is looking for an Associate Principal, Red Team Tester. This tester will plan, design, and execute security red teaming. These Red team activities include Intelligence Gathering, Network/Operating System/Application Penetration Testing, Web Application Penetration Testing, Mobile Application Testing, Social Engineering, Basic Emissions/Signals Testing, Physical Security Testing, Command and Control (C2) Infrastructure Development, Cyber Defense Evasion Stealth techniques, etc. Qualifications: BS in Computer Science, Information Management, Information Security or other comparable technical degree from an accredited college/university desired. 3+ Years' experience of Penetration testing 5+ Years' experience in Information Assurance or Information Security environment. Strong proficiency in Network, Web Application, and Mobile Device security testing Demonstrated exploit, payload, and attack framework development experience Strong knowledge of EDR detection capabilities such as Crowdstrike/Carbon Black, etc. and associated defense evasion techniques for behavioral based alerting Strong proficiency in social engineering and intelligence gathering. Strong experience with custom Scripting (Python, Powershell, Bash, etc.) and process automation. Strong experience with database security testing (MSSQL, DB2, MySQL, etc.). Strong proficiency with common penetration testing tools (Kali, Armitage, Conduct various Red Team activities such as: Intelligence Gathering, Network/Operating System/Application Penetration Testing, Web Application Penetration Testing, Mobile Application Testing, Social Engineering, Basic Emissions/Signals Testing, Physical Security Testing, Command and Control (C2) Infrastructure Development, Cyber Defense Evasion Stealth techniques, etc. Conduct ad-hoc white-box penetration testing work of company infrastructure that is still currently in Development, or in need of pre-Production penetration testing Research and execute Cyber Defense Evasion techniques to help enhance Cyber Defense monitoring/alerting capabilities Build Command and Control (C2) infrastructure, and obfuscate the C2 network traffic and payloads to avoid detection by the Cyber Defense team Coordinate with IT owners to re-test and validate remediated Red Team findings Execute Open Source Intelligence Collection and Analysis Techniques (OSINT); leverage available resources and develop custom tools. Understand vulnerabilities and develop relevant exploits/payloads for use during Red Team activities. Perform security risk assessment, threat analysis and threat modelling. Assist management with the improvement of policies and procedures to support Security Testing and Red Team activities as well as other security duties which may arise.