Senior Offensive Security Engineer/Senior Penetration Tester/Senior Security Analyst USA

New York | 12 days ago | Full-time | External
Negotiable
Role: Senior Offensive Security Engineer/Senior Penetration Tester/Senior Security Analyst
Location: New York-Onsite
Duration: Fulltime

BOLD certifications are required, Green are ideal experience.

Job Description:
Seeking a candidate to plan and execute penetration testing operations in collaboration with business partners, CISOs, BISOs, GSOC, and other stakeholders. The successful candidate will play a crucial role in testing the security program, and identifying potential gaps in people, processes, and technology.

Responsibilities:
• Plan, lead, and execute penetration testing engagements, simulating threat actor roles during tests, attack simulations, training, and exercises.
• Utilize simulated adversary threat-based approaches to expose and exploit vulnerabilities, improving the security of products and the technology landscape.
• Replicate tactics, techniques, and procedures used by modern attackers, including common network exploitation and penetration techniques, and software exploitation.
• Develop attack plans, coordinating with Red Team Operators and 3rd Party vendors to achieve objectives.
• Provide constructive feedback to defenders and product teams, emphasizing successes and failures.
• Develop, modify, and extend tools/exploits for security assessments, including custom tools and automation.
• Establish credibility as a trusted advisor to stakeholders and stay current with advanced attacks for application in red team activities.
• Assist defensive and product teams in understanding how to detect and stop cyber-attacks through purple teaming exercises and CTF demonstrations.
• Contribute to groundbreaking research and promote an environment of innovation and knowledge-sharing within the security enthusiast team.
• Act as an individual contributor, potentially overseeing those at earlier career stages and 3rd party reports in penetration testing engagements.
• Effectively report analysis and findings using various formats such as written reports, Jira, tickets, presentations, etc.
• Maintain and develop penetration testing processes and related artifacts.

Experience:
• Bachelor's degree in information systems/technology, Computer Science/Engineering, or equivalent field of study, or a minimum of 5 years of cyber security experience.
• Proven experience in Red Teaming and Penetration Testing.
• Minimum 3 years of deep, hands-on technical security experience, including expertise in security technologies, web applications, cryptography, social engineering, open-source intelligence gathering (OSINT), mobile platforms, software security, and malware reverse engineering.
• Deep technical understanding of enterprise operating system environments, Active Directory, and networking.
• Strong understanding of security vulnerabilities and common software engineering flaws.
• Familiarity with popular scripting languages and ability to automate simple tasks.
• Familiarity with CND-based analytical models (Kill Chain, ATT&CK, etc.).
• One or more of the following security certifications preferred: OSCP, OSCE, OSEE, OSWE, CREST, GXPEN.
• Experience working with Financial Services and Critical Infrastructure, including the CBEST, TIBER, iCAST, CORIE, AASE, NYDFS, and DORA testing parameters.
• Strong verbal and written communication skills, along with effective presentation skills.
• Ability to thrive in a fast-paced environment, with problem-solving and barrier-breaking skills.