(Red Team) Penetration Testing Sr. Consultant - Secureworks - Remote

Job description

Why Work at Dell?

Endless challenges and rewards. Opportunities on six continents. A team of colleagues fueled by collaboration. All this, and a company deeply committed to integrity and responsibility.

(Red Team) Penetration Testing Sr. Consultant- Secureworks - Remote Based

Security and Risk Consulting Group 

Secureworks is a global leader in providing intelligence-driven information security solutions. We play an important role, as no organization in the world is immune from cyberattacks and the nature of the attack is changing every day. Internet security is a problem that will never be solved. Unlike point products that address a specific technology issue, we attack the problem holistically by analyzing threat actor tactics, techniques and procedures, and develop solutions using best-of-breed technologies to protect our clients. We are one of the best in the world at understanding the threat.

In short, we give our clients an early warning capability. Secureworks was founded in 1999 and headquartered in Atlanta, Ga., with offices in all the major security markets around the globe. We have more than 2,000 team members, and partner with more than 4,200 clients in 59 countries to keep the bad guys out of their networks. We’ve been consistently recognized by industry analysts, readers’ polls and as a leader in the Gartner Magic Quadrant for managed security services, worldwide.

Role Overview

The Sr. Penetration Testing/Red Team Consultant supports the Security and Risk Consulting /Technical Security Services Team by applying information security threat intelligence to identify and exploit vulnerabilities within our client’s environments. The focus areas for this role are one or more of the following: network testing, wireless network security, web application testing, mobile application testing, physical security, and social engineering.

Role Responsibilities

-Conduct exploitation testing using off-the-shelf or self-developed exploitation tools and document findings for client remediation

-Maintain working knowledge of advanced cyber threat actor tactics, techniques and procedures

 (TTP), and emulate these TTP to assess vulnerability and risk

-Perform proactive research to identify and understand new threats, vulnerabilities, and exploits

-Produce and deliver vulnerability and exploit information to clients in the form of briefings and reports

-Mentor and train fellow team members in new technologies and techniques

-Document and present on new testing methodologies to internal and external teams

-Develop and document new post-exploitation tools and techniques for use by internal and external customers

-Excel as both a self-directed individual contributor and as a member of a larger team

-Availability for domestic travel and limited international travel up to 50%

-Apply innovation to improve service efficiency and service value

-Suggest or implement enhancements to internal systems

-Interface with Counter Threat Unit (CTU) and Incident Response (IR) teams

-Perform other essential duties as assigned

As a managed security provider, Secureworks expects its employees to understand and apply commonly known security practices and possess a working knowledge of applicable industry controls such as NIST 800-53. Employees will be expected to acknowledge their security responsibilities in writing prior to gaining access to company systems. Employees will be required to maintain a working knowledge of local security policies and execute general controls as assigned.

Requirements

-Minimum of 5 years of experience leading penetration testing, application testing, and red team engagements 

-Minimum of 3 years of experience with at least one of the following: Nmap, Metasploit, Kali Linux, Burp Suite Pro, Responder

Preferences

-OSCP/E or GIAC GPEN, GWAPT, GXPN or similar preferred

-Experience with stealth and evasion tactics and techniques.

-Experience with Physical Access tactics and techniques.

-Ability to explain technical security concepts to executive stakeholders in business language

-Experience simulating Advance Persistence Threat actors. 

-Significant pluses for one or more of the following: experience in social engineering, mobile or cloud application testing, experience with disassembly and debugging tools, exploit development, wireless security, malware analysis, testing embedded platforms and hardware security, ICS testing experience, and cryptography or cryptanalysis

-Experience scripting with Python, Ruby, POSIX shell, C/C++/ObjC/C#, Java, PHP, or .NET

-Experience with HTML, JavaScript, XML, AJAX, JSON, and REST)

-Significant public security presentation experience is a plus

-General security certifications such as CISSP or GSEC

-A Bachelor of Science degree in Computer Science, Computer Engineering, Electrical Engineering, or a related technical field; or equivalent professional experience

This is a remote position that may require travel.

Secureworks (A Dell Technologies Company) is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at Secureworks are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. Secureworks will not tolerate discrimination or harassment based on any of these characteristics.  Learn more about Diversity and Inclusion at Secureworks here .