- Design and execute penetration testing and source code review engagements against a variety of web services and software.
- Conduct research into real-world threat actor tactics, techniques, and procedures to develop playbooks.
- Maintaining in-depth documentation and auditing of actions taken during Red Team operations to provide deconfliction and non-repudiation.
- Provide actionable long-term risk mitigation guidance.
- Partner with engineers and product teams in driving remediation of weaknesses identified in application security review engagements.
- Stay abreast of the latest cyber security threats, trends, and attack techniques; continuously improve our testing methodologies and tools.
- Document and present results to a variety of audiences, ranging from technical engineers over non-technical subject matter experts to executive leadership.
- Minimum 3 years of experience in cybersecurity, or red team operations.
- Bachelor’s degree in information technology, related discipline, or relevant work experience
- Relevant Technical Security Certifications: Offensive Security (OSCP, OSEP, OSWA, OSWE), GIAC (GPEN, GWAPT, GCPN, CX-PT), Infosec (CCPT, CMWAPT, CRTOP), EC-Council (LPT Master), etc.
- Project management, cross-team coordination and driving organizational change.
- 3+ years’ experience in the following areas:
- Network penetration testing and manipulation of network infrastructure
- Web application assessments
- Scripting or automation of simple tasks using Python, Ruby, Go, etc.
- Developing, extending, or modifying exploits, shellcode or exploit tools.
- Source code review for control flow and security flaws
- Bypassing preventative and detective security controls to accomplish operational goals.