Do you stay up late at night wondering how organizations actually get hacked in real life? Do you read about real-world breaches and think to yourself, "If that had been me, I would have done this instead"? Is it in your nature to think about security controls and how you could find a way around them? If you answered yes to any of those questions, please continue!
We are seeking an Adversary Emulation Operator to join the Red Team to plan and execute intelligence-driven Red Team operations to simulate criminal, nation-state, and insider threats. This role goes beyond using automated tools and following typical penetration testing checklists; instead, we are seeking a candidate who understands how an attacker thinks and can translate this into repeatable, outcome-focused emulation campaigns designed to identify weaknesses early and improve existing defensive capabilities.
Education
University degree in Computer Science, Cyber Security, or a related field; or equivalent work experience.
Experience
Typically has 4 to 5 years of relevant work experience in Penetration Testing or Red Team operations.
Certifications
Has obtained one or more of the following certifications:
Offensive Security Certified Professional (OSCP) or higher OffSec certification
Certified Red Team Operator (CRTO)
SANS GXPN
Key Responsibilities
Develop and execute exploitation scenarios against network, application, mobile, and wireless environments per scoped engagements with little to no supervision.
Translate threat intelligence into realistic attack scenarios, mapping campaigns to specific threat actor groups.
Stay current on emerging offensive security techniques.
Continually evolve existing Tactics, Techniques, and Procedures (TTPs) in use by the Red Team to match TTPs used by real-world adversaries.
Conduct phishing and OSINT-driven social engineering campaigns.
Develop and refine payloads and attack paths across Swift infrastructure.
Link technical exploitation to risks associated with the business.
Conduct physical security assessments, including RF site surveys and attempts to circumvent physical security controls.
Share techniques, lessons learned, and tool improvements with peers.
Support Purple Teaming activities by working closely with the Security Operations Centre (SOC) to identify and help remediate detection gaps.
Competency Profile
Deep sense of belonging to and contributing to a team, yet can operate independently when necessary across phases of a campaign within different environments.
Can chain vulnerabilities to achieve privilege escalation and lateral movement.
Able to document technical details clearly for senior review.
Strong knowledge of common technologies within an enterprise environment (e.g., Windows, Active Directory (AD), Linux, cloud environments, etc.).