Sr Security Engineer

Principal Responsibilities

• Lead red team exercises against a hybrid environment using threat intelligence and the MITRE Telecommunication &CK Framework.
• Participate in purple team exercises that are intelligence driven to test cyber detections
• Build and maintain Red and Purple team infrastructure, automating functions where possible.
• Continually research new offensive security tactics, techniques, and procedures and communicate knowledge of the same to other team members.
• Conduct ad-hoc offensive security testing using industry standard tools and/or internally developed tools.
• Lead report creation activities including compromise narratives and detailed technical findings with appropriate risk severity ratings, tactical and strategic recommendations to reduce risk levels, peer review of team's deliverables.
• Assist cyber defense teams during incident investigations providing subject matter expertise on attacker tradecraft and mindset.
• Interface with other information security departments, as well as other technology departments and business stakeholders to raise awareness of security issues and to provide knowledge sharing on remediation.
• Active contributor to Red and Purple Team activities for internal presentations and conferences
• Position Requirements Approx 8 years' experience with industry standard Red Team testing tools (Cobalt Strike, Mythic C2, Rubeus, Bloodhound, Covenant, etc.); or the ability to demonstrate equivalent knowledge.
• Expert understanding of how an Advanced Persistent Threat could compromise a financial institution without using phishing.
• Expert understanding of Red Team concepts, tools, and automation strategies.
• Expert understanding of MITRE Telecommunication&CK framework tactics, techniques, and procedures.
• Expert understanding of measuring and rating vulnerabilities based on principal characteristics of a vulnerability.
• Expert understanding of Windows and Linux system hardening concepts and techniques.
• Expert understanding of modifying payloads to bypass detections like EDR.
• Expert understanding of how to compromise a company without using phishing.
• Strong understanding with at least one scripting language (Python, Ruby, PowerShell, Bash, etc.).
• Experience with at least one cloud environment (AWS, GCP, Azure).
• Experience attacking cloud, on-prem and/or hybrid environments from initial access all the way through actions on objective.

• Nice to have Previous experience of Red Team project delivery to include creation and execution of statement of work, risk mitigation strategies, and working with stakeholders to remediate findings.
• Experience of using multi operating system command and control tools.
• Experience developing custom attack tradecraft or modifying existing tools.
• Experience using automated configuration management such as Chef.
• Experience discovering and exploiting vulnerabilities in AI systems.
• Experience of conducting Offensive Security and/or Red Team exercises against macOS, iOS, or ChromeOS.
• Recognized industry certifications such as, but not limited to, GPEN, GXPN, GREM, eCPTX, eCPPT, OSCP, OSWE, CISSP, CPSA, CRT, etc.
• Knowledgeable in Industry Security standards (i.e.: TIBER-EU, CBEST, NIST Cyber Security Framework, ISO27002, etc.).
• Knowledgeable in Agile project management.