at Teksystems in Chicago, Illinois, United States
Job Description
Top Skills’ Details1. First Stage: Lead planning, building and scoping for red team, purple team, and penetration test assessments to address threat intelligence into techniques
2. Second Stage: Execution, developing tools and reporting (must have malware development experience writing code to avoid code detection and enable actions)
3. Research and integrate the latest tools, tactics, techniques, procedures, and developments in vulnerability research, exploitation, privilege escalation, defense evasion, lateral movement, and means of achieving objectives into new or existing capabilities.
- Must have strong coding experience with adversarial tooling, in addition to strategy and communication skills to drive results across the security organization
Secondary Skills – Nice to Haves
Job Description Duties
1. Lead planning, scoping, execution, and reporting of red team, purple team, and penetration test assessments involving people, processes, and technologies.
2. Demonstrate expertise in simulating/emulating threat actor tactics, techniques, and procedures (TTPs) and reconnaissance, social engineering, cloud, web application, API, infrastructure, network, and physical security testing techniques.
3. Demonstrate expertise in command and control (C2) and payload development and modification to circumvent network and endpoint security controls (e.g., EDR, NDR, etc.).
4. Develop and deploy tooling, services, infrastructure, etc. as needed.
5. Collaborate with information security teams to improve prevention, detection, and response capabilities and provide guidance and support to teams risk managing assessment findings.
6. Improve operational efficiency and grow Ethical Hacking capabilities by building, adapting, evaluating, and/or automating tooling, infrastructure, services, processes, procedures, methodologies, playbooks, templates, and knowledge bases.
7. Research and integrate the latest tools, tactics, techniques, procedures, and developments in vulnerability research, exploitation, privilege escalation, defense evasion, lateral movement, and means of achieving objectives into new or existing capabilities.
8. Exhibit professionalism, act ethically and with integrity, operate securely, and ensure consistent high quality practices/work, and achieve business results in alignment with strategies and productivity goals.
9. Perform other duties as required.
Skills
1. In-depth knowledge of methodologies, frameworks, tactics, techniques, procedures, and tools that promote effective testing, analysis, and the ability to determine root cause and create solutions that resolve risk in the best interest of the business.
2. Proficient in the use of testing frameworks, tools, and scripting and development languages, such as, Kali Linux, Cobalt Strike, OST, Burp Suite, Docker, etc.
3. In-depth knowledge of Active Directory, Windows and Linux internals, social engineering, simulation/emulation planning, and circumventing security controls.
4. Experience collaborating with developers, administrators, engineers, architects, and internal and external stakeholders to drive effective planning, scoping, execution, and risk management.
5. Experience conducting penetration testing, red team, and/or purple team assessments as a consultant or a demonstrated ability to support multiple concurrent assessments.
6. Experience writing and delivering technical reports and performing technical review and quality assurance.
7. In-depth knowledge of MITRE ATT&CK, OWASP, CWE, CVSS, and secure system and software development practices.
8. Excellent communication skills (both written and oral); able to concisely communicate and present risk to both technical and non-technical audiences.
9. Experience with AWS, Azure, GCP, Kubernetes, and/or cloud native technologies.
10. Contributions to the security community such as research, public CVEs, bug-bounty recognitions, open-source projects, and blogs or publications desired.
11. Ability to travel as assessments and operations require (<5%).
Typically a minimum of five years of information security experience (red teaming, purple teaming, penetration testing, cloud security, and/or network security).
Typically a minimum of five years of experience with scripting or development languages (Python, C, C++, C#, Go, Nim, Rust, Bash, SQL, PowerShell, assembly, etc.).
About TEKsystems:We’re partners in transformation. We help clients activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe and Asia. As an industry leader in Full-Stack Technology Services, Talent Services, and real-world application, we work with progressive leaders to drive change. That’s the power of true partnership. TEKsystems is an Allegis Group company.
The company is an equal opportunity employer and will consider all applications without regards to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.
To view full details and how to apply, please login or create a Job Seeker account