CYE is looking for a Red Team expert with a deep understanding of both information security and computer science. The right person will have to learn advanced concepts such as application manipulation, exploit development, and stealthy operations. This is not a “press the button” type of job! This career is technical and challenging with opportunities to work in some of the most exciting areas of security on extremely technical and challenging work. A typical job could be breaking into a segmented secure zone at a Fortune 500 organization, reverse engineering an application and encryption method in order to gain access to sensitive data, all without being detected.
- Global organization red-team assessments and security posture
- Co-ordinate and execute systems and network level advanced red team exercises for different environments
- Design and develop scripts, frameworks and tools required for facilitating and executing complex undetected attacks
- Configure and troubleshoot security infrastructure devices
- Develop technical solutions and new security capabilities to help mitigate security vulnerabilities and automate repeatable tasks
- Write or assist with comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancement
- 5 years of experience leading penetration testing, application testing, and red team engagements
- Experience with security tools such as – Nmap, Metasploit, Kali Linux, Burp Suite Pro, etc., as well as other various commercial and self-developed testing tools
- Experience with scripting languages such as python, ruby, POSIX shell, as well as familiarity with programming languages such as: C/C++/ObjC/C#, Java, PHP, or .NET
- Detailed technical knowledge in multi-security domains (Web, Network, OS, DB, IoT, Cloud, SCADA- advantage…)
- Knowledge in security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, etc.
- Expertise in performing advanced exploitation and post-exploitation attacks as part of ethical hacking exercises including writing proof-of-concept exploits and creating custom payloads and modules for common ethical hacking frameworks and tools