Overview:

About the role:

We are seeking an experienced and highly motivated Specialist Penetration Tester / Red Teamer to join our dynamic RedTeam. The ideal candidate will be responsible for conducting comprehensive penetration testing and red teaming activities to ensure the security and resilience of our infrastructure, applications, and networks. This role involves not only identifying vulnerabilities but also working collaboratively with the internal security team to implement effective remediation strategies.

Responsibilities:

• Red Team Operations & Penetration Testing: Perform proactive red teaming and penetration testing exercises on both internal and external assets to assess and improve the security posture.
• OSINT & Threat Intelligence: OSINT performs to gather information about our environment and threat landscape, leveraging open source / commercial tools and intelligence feeds.
• Application Security: Conduct in-depth penetration tests on web and mobile applications, including manual exploitation and automated scans. Provide detailed insights into vulnerabilities found, along with prioritized recommendations.
• Source Code Reviews: Perform manual and automated source code reviews to identify security weaknesses in applications, working closely with developers to remediate.
• Wireless & IoT Security Assessments: Evaluate and secure wireless networks and IoT devices through comprehensive testing and configuration review.
• Vulnerability Management: Support the existing vulnerability management program by identifying, prioritizing, and coordinating remediation of vulnerabilities across all organizational assets.
• Infrastructure & Server Hardening: Support in implementing hardening measures in line with industry standards such as CIS, ensuring all infrastructure components (e.g., servers, firewalls, databases) meet the organization's security baseline.
• Network & Ruleset Configuration Reviews: Conduct regular reviews of network and security device configurations (e.g., firewalls, VPNs) and rulesets to ensure best practices are followed and no misconfigurations exist.
• Active Directory Assessments: Perform detailed assessments of Azure cloud / On Prem Active Directory configurations, identifying potential weaknesses or attack paths, and recommending effective countermeasures.
• Documentation & Reporting: Develop comprehensive and articulate documentation for each assessment, including test plans, methodologies, findings, and detailed remediation steps.
• Collaboration & Security Awareness: Collaborate with cross-functional teams and business units to understand risk, share knowledge, and enhance security awareness within the organization.

Qualifications:

• Educational Background: Bachelor’s degree in Computer Science, Information Security, or a related field (or equivalent work experience).
• Certifications: Preferred certifications such as OSCP, OSCE, CRTP, CREST, CISSP, GWAPT, or equivalent.
• Technical Expertise: Demonstrated experience with manual penetration testing methodologies and red teaming tactics. Strong command of industry-standard tools like Burp Suite, Metasploit, Nmap, Kali Linux, Bloodhound, etc.
• Experience in Diverse Assessments: Proven track record of conducting various assessments including network, infrastructure, web, mobile, wireless, and IoT, containers and K8s.
• Programming Skills: Proficiency in scripting languages (Python, PowerShell, Bash, etc.) for tool development, automation, and customization.
• Communication Skills: Exceptional communication skills with the ability to convey technical findings in a clear, concise, and professional manner to both technical and non-technical stakeholders.
• Team Player: A proactive mindset with a collaborative approach to working across the organization to improve security.