Senior Red Team Tester - Offensive Cyber Operations Team
Senior Red Team Tester - Offensive Cyber Operations Team
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Job Description
A motivated Senior Red Team Tester is required to join the Penetration Testing Team within the Global Information Consultancy Team. The primary objective is to find underlying weaknesses and identify vulnerabilities that could be exploited by external or internal attackers. Their role involves conducting thorough assessments based on realworld scenarios generating realistic vulnerabilities and complex multistage attacks.
The successful candidate will function as a senior cyber security professional for a wide range of technologies within the corporate network. They will work closely alongside the rest of the Penetration Testing team Business units and other Cyber teams.
We are looking for a collaborative collaborator with good technical knowledge in web application infrastructure penetration testing extensive vulnerability knowledge and someone that can identify security risks and suggest improvements to prevent security incidents occurring. The successful candidate will contribute to and work as part of a global multidisciplined security community with clear vision and direction and topdown support across the business.
The Role:
Red Team Assessments: To plan and execute complex assessments to identify vulnerabilities weaknesses and misconfigurations for technologies used within the network environment.
Purple Team Assessments: Collaborate with other cyber defence and IT teams to evaluate the effectiveness of detective controls in place.
Threat Profiling: Good working knowledge of threat actors and the tactics techniques and procedures (TTPs)
Penetration Testing: Performing controlled attacks on web applications. APIs infrastructure and simulate realworld hacking attempts and identify potential entry points for attackers. This involves utilizing various techniques tools and methodologies to exploit vulnerabilities and gain access.
Simulated Phishing attacks: Work with the Security Education and Awareness team to produce phishing emails based on real world scenarios with uptodate threats in a controlled manner.
Security Analysis: Analyzing the results of red team assessments to assess the severity of identified vulnerabilities their potential impact on the system and the business and the likelihood of exploitation.
Reporting and Documentation: Preparing detailed reports that document the findings including identified vulnerabilities attack vectors and recommendations for remediation. These reports typically outline the risks associated with each vulnerability and provide guidance on how to mitigate them.
Remediation Support: Collaborating with cyber teams IT teams developers and system administrators to assist in the remediation of identified vulnerabilities. This may involve providing guidance on security best practices secure coding practices recommending security controls or validating the effectiveness of implemented fixes.
Mentoring: Supporting colleagues in the Penetration Team in all aspects of the job technical and procedural.
Stay Up to Date: Keeping abreast of the latest web application and infrastructure vulnerabilities attack techniques security tools and industry best practices. This includes staying informed about emerging threats and trends in web applications and infrastructure.
Ethical Approach: Conducting all testing and assessment activities within a legal and ethical framework ensuring that the organizations systems and data are not compromised or harmed during the process.
Continuous Improvement: Engaging in professional development activities such as attending conferences participating in training programs and obtaining relevant certifications to enhance knowledge and skills in cyber security.
Qualifications
The Requirements
Minimum Criteria:
Education: A bachelors degree in a related field such as computer science information security or cybersecurity is commonly preferred but not always mandatory. Relevant industry experience can compensate for formal education requirements.
Technical Knowledge: A strong understanding of web technologies programming languages (e.g. HTML CSS JavaScript PHP Python) and web application architecture is essential. Knowledge of networking fundamentals operating systems and databases is also beneficial.
Strong knowledge of the cyber chain common tactics techniques and procedures which are often used by adversaries.
Must have strong research capabilities and be up to date with the cyber industry.
Web Application Security: Indepth knowledge of web application vulnerabilities common attack techniques and mitigation strategies. Strong understanding of OWASP Top 10 vulnerabilities is crucial.
Infrastructure security: Working knowledge of different onprem and cloud builds (IaaS PaaS SaaS) indepth understanding of operating system and its common flaws.
Penetration Testing Techniques: Proficiency in various penetration testing methodologies tools and frameworks. Experience with manual testing techniques automated vulnerability scanners and exploit frameworks is necessary.
Programming and Scripting: Proficiency in at least one programming language (e.g. Python Ruby or JavaScript etc. to write custom scripts and tools. Understanding SQL queries for database testing is also important.
Analytical and ProblemSolving Skills: Ability to analyze complex web application environments identify vulnerabilities and exploit them. Strong problemsolving skills to understand attack vectors and recommend appropriate countermeasures.
Holds relevant industry certification/s or equivalent like the following:
CEH Certified Ethical Hacker
OSCP Offensive Security Certified Professional
GRTP GIAC Red Team Professional
GPEN GIAC Penetration Tester
GWAPT GIAC Web Application Penetration tester
GDAT GIAC Defending Advanced Threats
CRT CREST Registered Penetration Tester
CCSAS CREST Certified Simulated Attack Specialist
Practical experience gained through participation in bug bounty programs capturetheflag (CTF) competitions and realworld projects can also be valuable in showcasing skills and expertise.
At WTW we believe difference makes us stronger. We want our workforce to reflect the different and varied markets we operate in and to build a culture of inclusivity that makes colleagues feel welcome valued and empowered to bring their whole selves to work every day. We are an equal opportunity employer committed to fostering an inclusive work environment throughout our organisation. We embrace all types of diversity.
Were committed to equal employment opportunity and provide application interview and workplace adjustments and accommodations to all applicants. If you foresee any barriers from the application process through to joining WTW please email
Required Experience:
Senior IC
Employment Type
Full-Time
