01 : Red Team - Lead
Resource should understand concepts such as networking, applications, and operating system functionality and be able to learn advanced concepts such as application manipulation, exploit development, and stealthy operations.
A typical job could be breaking into a segmented secure zone , reverse engineering an application, infra, cloud and encryption method in order to gain access to the targeted systems.
Bachelor's degree in Computer Science, Information Technology, Cyber Security, or related discipline or equivalent experience.
8+ years of IT professional experience, with 6+ years Information Security experience, with previous as a red team member
Define scope, objectives, and timelines for executing red team assessments and leverage data to create useful metrics
Experience in developing red team end to end operational frameworks and standards
Conduct and manage red team assessments against a diverse cloud environment and find vulnerabilities in software, systems, networks and infrastructure to accomplish Red Team goals
Experience in performing network penetration, web and mobile application testing, source code reviews, threat analysis, wireless network assessments, and social-engineering assessments
An in-depth level of knowledge of Windows exploitation and Active Directory
Knowledge in finding and exploiting bugs and misconfigurations in : AWS, GCP, and Azure
Experience in working with Breach and Attack Simulation (BAS) tools such as AttackIQ, SafeBreach etc.,
Perform simulated security testing against corporate web applications, networks and infrastructure (Windows, *nix, cloud)
Deep understanding of attack surfaces, including hands-on experience with various Cybersecurity technologies and standards (MITRE ATT&CK framework)
Ability to effectively present and communicate security threats and risks to any audience with the mitigation techniques and strategies.
Recognized as a go to person by teams including Incident Response, Security Operations, Vulnerability Management, and Penetration testing teams.
Develop comprehensive and accurate reports and presentations for both technical and executive audiences
Possess a solid understanding of the Linux or Unix family of OS and their underlying components / Networking basics.
Hands-on experience in scripting e.g. Korn Shell, Python / Perl / Ruby / Go
Strong interpersonal skills with the ability to communicate and work effectively across the organization.
Security Certifications - OSCP, GPEN, GXPN, OSCE or similar certifications
Preferred to have a published CVE, Github projects, bug bounty profiles, hackthebox profile, or similar