The #1 Site for IT and Engineering Jobs - search all IT and Engineering  jobs.

Sr. Offensive Security Consultant, Red Team

Job Description

Sr. Offensive Security Consultant, Red Team

Downtown Chicago

6-month CTH




Summary of Responsibilities:

The Sr. Offensive Security Consultant, Red Team reports to the Sr. Manager of Red Team and provides leadership and mentoring to a team of highly skilled offensive security consultants and is a subject matter expert to our client's businesses and functions on threat actor simulation exercises. This role will be responsible for the execution and coordination of ethical hacking and adversary emulation campaigns to identify weaknesses in security controls, platforms and infrastructure hardening, application logic and physical security. The Sr. Consultant - Red Team executes on strategic offensive security direction that is aligned with corporate business objectives, regulatory requirements and relevant attack scenarios.



Essential Functions



Team Leadership - Leads the execution of activities by specialized staff in offensive security campaigns aimed at identifying opportunities to enhance our client's security controls including malicious event detection, protection and response. Works with management and peers to foster the development of less experienced Offensive Security team members.

Subject Matter Expertise - Provides technical leadership as a red team subject matter expert to business areas, project teams and information security practitioners to apply and execute appropriate use of technology solutions. Leads efforts on the execution of Red Team operations to include pre-engagement, engagement and post-engagement activities. Advises on the efficacy of current processes for Red Team activities and challenges with regard to security standards and the impact of the technology.

Secure Testing - Performs team leadership to assist for offensive security testing projects according to a structured process, to include writing test plans, test cases and test reports. This may include oversight and/or execution of the configuration and deployment of security testing software and application of results to security analysis.

Information Security Risk Management - Works with leadership to mature red team, reporting and remediation guidance in alignment with local and global regulatory requirements and internal governing enterprise risk management policies. Identifies security gaps and deficiencies by conducting risk assessments; able to recommend corrective action of identified vulnerabilities and weaknesses. Leads the execution of planning, testing, tracking, and advises on necessary risk acceptance for identified security risks.

Secure Application Development - Leads the execution of highly technical/analytical security assessments of custom web applications, mid-tier application services, backend mainframe applications and databases, including manual, custom and industry known attack methods using a risk-based intelligence-led methodology. Identifies potential misuse scenarios. Advises on secure development practices.



Requirements:

The preferred candidate will possess the following:

• Bachelor's degree in Information Security, Information Technology, Information Systems Management, Computer Science, Engineering or related field(s) or equivalent demonstrated work experience.

• 5+ years of experience in the areas of Information Technology, Information Security, and/or Information Risk Management, 2 years red team experience and 2 years in a leadership position.

• Strong written and verbal skills with the ability to present complex technical observations to a non-technical audience.



Technical Knowledge

• Strong working knowledge of:

• Windows and Linux based platforms, applications and TCP/IP network security technologies

• Strong technical knowledge of multifaceted exploits and chained attacks.

• Demonstrated ability to execute attack emulations without detection.

• Information security concepts, principles and components of a comprehensive information security program

• Application Security concepts including common application security issues such as OWASP Top 10

• Strong, demonstrable aptitude for and interest in offensive and application security.

• Strong understanding of vulnerability exploitation and an aptitude for identifying weaknesses in controls and infrastructure.

• Advanced knowledge and/or demonstrated experience in application penetration testing



Work Environment Characteristics

• Self-motivated and results-oriented, including ability to prioritize conflicting demands.

• Exceptional organizational skills to balance work and lead the execution of multiple projects.

• Demonstrable leadership and interpersonal skills with experience in mentoring team members

• Strong initiative, consensus-building and ability to collaborate directly and build strong relationships with a variety of internal and external stakeholders (business, development, compliance, etc.)

• Ability to adapt and apply information to new scenarios and technologies.

• Role may require some international travel.



Preferred qualifications:

• Relevant professional certifications or working towards attainment such as: OSCE,OSCP, GWAPT, GMOB, GAWN, GXPN, GCIH, CPT, CEPT, GPEN, CEH, and CISSP

• Advanced knowledge of or demonstrated experience with defense in depth, trust levels, privileges and permissions

• Large complex multi-national Financial Services industry related experience

• Exploit development experience

• In-depth understanding and experience with detection and response evasion techniques.



Eight Eleven Group provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, national origin, age, sex, citizenship, disability, genetic information, gender, sexual orientation, gender identity, marital status, amnesty or status as a covered veteran in accordance with applicable federal, state, and local laws.

Job Requirements

 

Job Snapshot

Location US-IL-Chicago
Employment Type Contractor
Pay Type Year
Pay Rate $0.00 - $1,000.00 /Year
Store Type IT & Technical
Apply

Company Overview

Brooksource

Brooksource is an IT Services Company, specializing in the recruitment and placement of high level IT professionals. We offer competitive compensation, paid holidays, 401k, health benefits, flexible work schedules and just about anything a top tier candidate would demand. Our diverse client base covers all industries and provides us the opportunity to place you, the candidate, in positions that span the entire IT spectrum. Learn More

Contact Information

US-IL-Chicago
Melissa Moore
Snapshot
Brooksource
Company:
US-IL-Chicago
Location:
Contractor
Employment Type:
Year
Pay Type:
$0.00 - $1,000.00 /Year
Pay Rate:
IT & Technical
Store Type:

Job Description

Sr. Offensive Security Consultant, Red Team

Downtown Chicago

6-month CTH




Summary of Responsibilities:

The Sr. Offensive Security Consultant, Red Team reports to the Sr. Manager of Red Team and provides leadership and mentoring to a team of highly skilled offensive security consultants and is a subject matter expert to our client's businesses and functions on threat actor simulation exercises. This role will be responsible for the execution and coordination of ethical hacking and adversary emulation campaigns to identify weaknesses in security controls, platforms and infrastructure hardening, application logic and physical security. The Sr. Consultant - Red Team executes on strategic offensive security direction that is aligned with corporate business objectives, regulatory requirements and relevant attack scenarios.



Essential Functions



Team Leadership - Leads the execution of activities by specialized staff in offensive security campaigns aimed at identifying opportunities to enhance our client's security controls including malicious event detection, protection and response. Works with management and peers to foster the development of less experienced Offensive Security team members.

Subject Matter Expertise - Provides technical leadership as a red team subject matter expert to business areas, project teams and information security practitioners to apply and execute appropriate use of technology solutions. Leads efforts on the execution of Red Team operations to include pre-engagement, engagement and post-engagement activities. Advises on the efficacy of current processes for Red Team activities and challenges with regard to security standards and the impact of the technology.

Secure Testing - Performs team leadership to assist for offensive security testing projects according to a structured process, to include writing test plans, test cases and test reports. This may include oversight and/or execution of the configuration and deployment of security testing software and application of results to security analysis.

Information Security Risk Management - Works with leadership to mature red team, reporting and remediation guidance in alignment with local and global regulatory requirements and internal governing enterprise risk management policies. Identifies security gaps and deficiencies by conducting risk assessments; able to recommend corrective action of identified vulnerabilities and weaknesses. Leads the execution of planning, testing, tracking, and advises on necessary risk acceptance for identified security risks.

Secure Application Development - Leads the execution of highly technical/analytical security assessments of custom web applications, mid-tier application services, backend mainframe applications and databases, including manual, custom and industry known attack methods using a risk-based intelligence-led methodology. Identifies potential misuse scenarios. Advises on secure development practices.



Requirements:

The preferred candidate will possess the following:

• Bachelor's degree in Information Security, Information Technology, Information Systems Management, Computer Science, Engineering or related field(s) or equivalent demonstrated work experience.

• 5+ years of experience in the areas of Information Technology, Information Security, and/or Information Risk Management, 2 years red team experience and 2 years in a leadership position.

• Strong written and verbal skills with the ability to present complex technical observations to a non-technical audience.



Technical Knowledge

• Strong working knowledge of:

• Windows and Linux based platforms, applications and TCP/IP network security technologies

• Strong technical knowledge of multifaceted exploits and chained attacks.

• Demonstrated ability to execute attack emulations without detection.

• Information security concepts, principles and components of a comprehensive information security program

• Application Security concepts including common application security issues such as OWASP Top 10

• Strong, demonstrable aptitude for and interest in offensive and application security.

• Strong understanding of vulnerability exploitation and an aptitude for identifying weaknesses in controls and infrastructure.

• Advanced knowledge and/or demonstrated experience in application penetration testing



Work Environment Characteristics

• Self-motivated and results-oriented, including ability to prioritize conflicting demands.

• Exceptional organizational skills to balance work and lead the execution of multiple projects.

• Demonstrable leadership and interpersonal skills with experience in mentoring team members

• Strong initiative, consensus-building and ability to collaborate directly and build strong relationships with a variety of internal and external stakeholders (business, development, compliance, etc.)

• Ability to adapt and apply information to new scenarios and technologies.

• Role may require some international travel.



Preferred qualifications:

• Relevant professional certifications or working towards attainment such as: OSCE,OSCP, GWAPT, GMOB, GAWN, GXPN, GCIH, CPT, CEPT, GPEN, CEH, and CISSP

• Advanced knowledge of or demonstrated experience with defense in depth, trust levels, privileges and permissions

• Large complex multi-national Financial Services industry related experience

• Exploit development experience

• In-depth understanding and experience with detection and response evasion techniques.



Eight Eleven Group provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, national origin, age, sex, citizenship, disability, genetic information, gender, sexual orientation, gender identity, marital status, amnesty or status as a covered veteran in accordance with applicable federal, state, and local laws.

Job Requirements

 
Mwt2td5z6kzxt6hfr4z
Sologig Advice

For your privacy and protection, when applying to a job online: Never give your social security number to a prospective employer, provide credit card or bank account information, or perform any sort of monetary transaction.Learn More

By applying to a job using sologig.com you are agreeing to comply with and be subject to the workinretail.com Terms and Conditions for use of our website. To use our website, you must agree with theTerms & Conditionsand both meet and comply with their provisions.
Sr. Offensive Security Consultant, Red Team Apply now