Penetration Testing Consultant / Cyber Security Analyst – Red Team
Role and Responsibilities
- Penetration Testing: manages and conducts internal and external penetration testing. Vets and coordinates third-party vendors and the business to deliver high-quality penetration and red team testing. Reviews and validates security findings. Works with the business and information security teams to understand security gaps and guide improvements.
- Vulnerability Scanning: runs and manages vulnerability scans. Maintains and continuously improves the vulnerability scanning infrastructure. Proactively seeks to minimize operational impact through vulnerability scanning process improvement.
- Threat Automation: creates, develops and manages projects and products that continuously simulate new and emerging security threats and threat actors. Writes, validates and augments tools to support our evolving security requirements, use cases and organizational threat goals. Evaluates and implements software with scalability and repeatability in mind, ensuring that security controls are accurate and measurable.
- Red Team Intelligence: plans, develops and manages unique red team projects to support strategic information security goals. Gains deep insight into infrastructure, applications, business, operational and personnel processes to accurately inform on security risks and vulnerabilities. Emulates and applies real-world threat intelligence and attacker techniques to effectively test organizational security. Stays informed and tenaciously pursues applicable attack paths.
Certifications
- OSCP, GIAC GPEN, GWAPT or other penetration testing certifications, CISSP, Certified Ethical Hacker (CEH) required. Scripting (Windows/*nix), Bash, Python, Perl or Ruby, systems programming, strong knowledge of the OWASP Top 10, mobile application penetration testing.