Senior Red Operation & Team Penetration Testing Analyst
Aegon · United States · 2 wk ago
RemoteRemoteInformation Technology$100k–$140k/yrFull-time
What You Will Do
- Find new and creative ways to break technology through either Red Team or Purple Team operations
- Plan, scope, and implement large scale covert operations that have sophisticated goals and significant impact
- Develop new adversary tools, techniques, or methodologies
- Threat Hunting opportunities to partner with the teams Threat Hunters, using our special adversarial talents to discover and eradicate threats
- Engagement in all phases of Red Team security operations
- Work within the Red Team to perform physical exploitation, network exploitation and social engineering assessments against authorized targets
- Configure and safely utilize attack tools, tactics, and procedures against authorized targets
- Develop scripts, tools, or methodologies to enhance red teaming capabilities
- Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel
- Provide risk-appropriate and pragmatic recommendations to correct identified flaws, vulnerabilities and misconfigurations
Qualifications
- Do No Harm approach: operational objectives cannot come at the expense of others
- Growth Mindset. Excited for opportunities to solve new problems every day
- Helpful demeanor. We are trusted adversaries and trust needs to remain strong
- Customization of Adversarial Tools: Cobalt Strike BOFs, Mythic Agent profiles, and adding new exploits to MSF are examples
- Defender experience and knowledge. Utilizing Splunk and finding risks
- Web application penetration testing assessments
- Email, phone, or physical social-engineering assessments
- Developing, extending, or modifying exploits, shell code or exploit tools
- Network penetration testing and manipulation of network infrastructure
- Relevant, recent and verifiable experience in information security and adversary simulation
- Detail knowledge of global cyber threats, threat actors, and the tactics, techniques and procedures used by cyber adversaries, specifically those targeting the financial services sector
- Experience with Red, Blue, or Purple teaming exercises
- Industry certifications such as OSCP, OSCE, OSWE, GPEN, GCIH, GWAPT, or GXPN
- 3 or more years of Penetration Testing/Red Team experience
- Ability to define and communicate complex technical risk problems, concepts and situations to multiple skill levels, including business personnel with little to no cyber experience
- Proficiency with Microsoft Office, Preference given to candidates with deep Excel and PowerPoint skill sets
- Experience with systems such as Service Now, JIRA, and equivalent
- Experience with leading group discussion and presenting to varying levels and audiences
- Self-motivated and self-management skills
- Preferred: Strong knowledge of Penetration Testing and covert Red Team operations and Information Security demonstrated by one or more of the following:
- Bachelor degree in Information/Cyber Security, Information Risk, Information Risk Management or equivalent experience
- Bachelor degree in Information Systems, Computer Science, Information Management or similar four-year technical degree or equivalent experience, combined with one or more of the following:
- Active Cyber Security certifications
- Experience in Insurance, Payments, Banking or other Fin-Tech Industries
Working Conditions
- This is a hybrid position requiring three days in office per week in one of our core locations (Cedar Rapids, IA and Denver, CO)
- Minimal travel may be required for training or team meetings
- May require work outside of normal office hours due to global support and meetings
Career Path
- The Salary for this position generally ranges between $100,000-$140,000 annually
- Please note that the salary range is a good faith estimate for this position and actual starting pay is determined by several factors including qualifications, experience, geography, work location designation (in-office, hybrid, remote) and operational needs.
- Salary may vary above and below the stated amounts, as permitted by applicable law.
- Additionally, this position is typically eligible for an Annual Bonus based on the Company Bonus Plan/Individual Performance and is at the Company’s discretion.
Application
- Applicants must be authorized to work for any employer in the U.S.
- We are unable to sponsor or take over sponsorship of an employment Visa at this time.
- This is a hybrid position requiring three days in office per week in our Denver or Cedar Rapids hub location.
- Relocation assistance will not be provided for this position.