• Anywhere

Ethical Hacking Red Team Senior Manager

Ethical Hacking Red Team Senior Manager

Secure Recruitment are seeking an Ethical Hacking Red Team – Senior Manager to join one of the world’s leading professional services organisations.

The Role

As a Red Team Senior Manager you will be working in line with CREST and other relevant industry standards in order to deliver attack simulation services at the highest levels into our clients .Our clients are some of the largest global organisations and come from all sectors including a significant proportion from our traditional background in the financial services sector.
All share a key objective and want to understand the risks they face from real world threats so we package up individual work programs to meet their needs. We increasingly see questions coming from company boards and risk committees asking the questions that only an effective adversary simulation exercise can answer. The candidates we are looking for are ideally a current or previously qualified CREST Certified Simulated Attack Specialist (CCSAS) or Certified Simulated Attack Manager (CCSAM).
Candidates should have experience scoping and delivering high level red teams but also with good experience testing network infrastructure and applications as these skills are essential when performing lateral movement and gaining access to target platforms. Much of our work involves targets with capable monitoring and incident response teams and modern EDR platforms so experience bypassing common products and demonstrating strong operational security awareness is important. Senior managers should be able to work directly with clients and build strong credible relationships amongst peers. Public speaking at conferences is supported should a candidate wish to pursue such opportunities and there is a desire to feedback research to the community through thought leadership.
Our client provides staff with extensive training and revision time to facilitate professional development and progress through industry exams. Where possible, we encourage to undertake a UK government security clearance as part of this role.

As an Ethical Hacking Senior Manager you will have the opportunity to:

• Deliver and manage complex client engagements requiring the use of offensive security tools and techniques to to identify weaknesses in client IT environments by legally breaking into computer systems, websites, mobile applications and wireless platforms as part of real world simulated attack scenarios;
• Research a variety of topics including: advanced evasion techniques for enhancing our red team capabilities and other novel techniques and capabilities;
• Contribute to the creation of new private and public tooling to enhance deliver capabilities;
• Work with a world leading Threat Intelligence team to deliver full package solutions to clients looking to answer both the “who” and the “how” questions for possible attacks;
• Work closely with a dedicated development team to research and weaponise new vulnerabilities and techniques for bypassing endpoint security solutions;
• Manage and mentor junior staff and managers through sharing of professional and technical skills and experience;
• Maintain and develop relationships with a portfolio of iconic clients, understanding their needs, producing proposals to address them and providing risk based recommendations on security matters;
• Work with clients to review and enhance the security of key platforms such as Azure AD, Office 365 and a variety of supporting cloud platforms including IaaS and SaaS;
• Write risk based reports and attend customer delivery meetings;
• Act as a technical SME for collaborative projects with other business teams such as Incident Response, Threat Intelligence, Crisis Response and Cyber Security Advisory;
• Develop new products and services to ensure we remain at the forefront of the industry;

You can also expect to perform some of the following business development activities:

• Meet with clients to understand their needs and help produce proposals
• Mentor and help upskill junior colleagues in the team
• Develop toolkits and methodologies to enhance our sales and delivery capability
• Contribute to research, public blogs and whitepapers to improve our public profile
• Attend and speak at conferences within the Information Security community
• Collaborate to develop new and innovative security services for our clients
• Develop new and innovative security services for our clients
• Work with our outreach teams to support schools, colleges and universities in showing the next generation the opportunities available in the cyber industry.

Skills and experience

• Significant practical experience delivering red teaming services to customers;
• Expert user in a variety of common operating systems such as Windows, Linux and MacOS;
• Experienced in using a wide variety of command and control frameworks such as Cobalt, Strike and Mythic
• Experience of working covertly where evading a proactive blue team is a priority
• Good working knowledge of Azure AD, AWS, Office 365 and common cloud hosting platforms.
• Strong Active Directory knowledge and familiarity with offensive enumeration techniques, including public tooling such as BloodHound, and PingCastle.
• Practical experience of building and automating red team infrastructure
• Extensive knowledge of security testing requirements and techniques, demonstrated by Cyber Security Industry qualifications such as CRTO, OSCE/OSCE3 and CREST* CCSAS and CCSAM.

While not prerequisites, the following will be advantageous:

• Knowledge of endpoint security technologies (e.g. Microsoft ATP)
• Good scripting and automation skills
• Degree in computer science, cyber or STEM subjects or demonstrate professional development, industry qualification and practical experience;
• Experience of performing red team reviews against very large-scale, complex environments.
• Background in software development with a low level language (ASM/C/C++)
• Working knowledge of Win32 APIs and experience programming and scripting
• Experience in complex OT environments and understanding of their unique risks
• Excellent business communication skills, including writing proposals, initiating client engagements, leading workshops, writing reports, and delivering presentations to clients;

Upload your CV/resume or any other relevant file. Max. file size: 64 MB.