Glocomms are partnered with a Financial Services firm in the search for a Red Team Analyst/Penetration Tester to join the SecOps team based in NYC, Dallas or Chicago.
The position will focus on improving the overall security posture of the organization to protect assets and staff again threat and vulnerabilities by conducting thorough attack simulations to gather threat intel, network and applications pen-testing, mobile device testing, social engineering, and more.
The ideal candidate should have strong experience working with Web, Network, and Mobile applications, Open Source intelligence, the Dark Web, and strong knowledge of threat actor TTP's.
- Conduct attack simulations and create threat scenarios to test the security posture of the organization's infrastructure, web applications, mobile applications, network applications.
- Conduct intelligence gathering, pen-testing, social engineering, and threat emulation.
- Conducts OSINT via available resources whilst creating customer testing tools.
- Create payloads/exploits to be utilized during Red Team activities.
- Create artifacts and represent finding/reports to senior managements and debrief users on issues found.
- Collaborate with management to improve policies and procedures to support red team activities and security testing.
- Collaborate with Blue/Purple Team, IT Infrastructure teams, and Software teams on remediation efforts, evidence gathering, and strategic roadmap planning.
- Hold a high-level of integrity, ethics, and accountability for you actions ensuring healthy running of the security team in its high collaborative environment.
- 5+ years of experience in Information Security with 3+ years of Penetration Testing/Red Teaming experience.
- Extensive experience and understanding of Web Application, Network/Application, and Mobile Application penetration testing, as well as Social Engineering and ability to use OSINTs.
- Experience conducting threat emulations and attack simulations.
- Strong experience gathering threat intelligence, monitoring Dark Web and other relevant cyber threat feeds.
- Strong experience with scripting for process automation in Python, Bash, PowerShell, etc.
- Experience conducting data security testing.
- Hands-on experience with pen-testing tools such as Metasploit, Kali, Armitage, Cobalt Strike, Wireshark, Nmap, Nessus, Qualys, Bloodhound, etc.
- Strong tactical planning and execution skills.
- Excellent verbal and written communication skills.