Responsible for penetration testing and red teaming activities, researching and analyzing vulnerabilities, identifying relevant threats, corrective action recommendations, summarizing and reporting results.
Develop and refine methodologies to conduct Red Team operations successfully and consistently covering all areas of technology.
Assess EG’s existing security capabilities to detect and respond to emerging threats and work with Detection team to ensure a smooth execution of testing activities (e.g. red/purple teaming, competitive cyber games, etc.).
Work with Threat Research team to develop red team scenarios consistent with real attacks as well as business lines understanding their threats.
Plan and execute complex red-team exercise by replicating, in a safe way, the tactics, techniques and procedures of threat actors, including technical coordination of activities and periodic reporting of progresses to partners.
Design and develop scripts, frameworks, tools, and the methods required for facilitating and executing complex scenarios, emulating malicious actor behavior aimed at avoiding detection.
Deeply document exploit chain/proof of concept scenarios and influence partners in understanding risk exposure and containment measures from vulnerabilities.Perform mobile pen testing (android or/and iOS).
Who you are:
Bachelor’s Degree in Engineering, Computer Science/Information Technology or its equivalent with real passion for security researching
5+ years of experience executing large scale penetration testing / red team testing assessments of highly critical systems
OSCP, OSCE, GPEN, CREST or similar certifications will be a plus
Strong knowledge of security frameworks e.g. OWASP, SANS, MITRE ATT&CK Framework, Firewalls, IDS/IPS, Web Proxies and DLP among other.
Expertise in mobile pen testing (android or/and iOS).
Detailed and up-to-date knowledge of wide range of security tools like Burp Suite, Nessus, Metasploit, Empire, Cobalt Strike, mobile security frameworks etc. and familiarity with common reconnaissance, exploitation, and post exploitation frameworks.
Ability to develop creative tools, solutions, processes and automate tasks using a scripting language (Python, Perl, Ruby, etc.)
Knowledge of Linux operating systems, Source Code Analysis, Mobile Application Security, Microsoft technologies like Active Directory and others.
Communication skillset to influence other technology leaders during strategic recommendations on security issues identified.Exposure to cloud pen testing skills.
Penetration Testing, OWASP
--
You must verify your mobile number to apply to this job.