Red Team/Penetration Tester
Glocomms is partnered with a Cyber Consultancy firm in the search for Red Team/Penetration Testers to join the Security Operations team. The position will focus on improving clients overall security posture by identifying threat and vulnerabilities, conducting attack simulations, gather threat intel, carry out network and applications pen-test's, mobile device testing, and social engineering.
Key responsibilities:
- Conduct attack simulations and create threat scenarios to test the security posture of the organization's infrastructure, web applications, mobile applications, network applications.
- Conduct intelligence gathering, manual and automated pen-tests, social engineering, and threat emulation activities.
- Develop, implement, and maintain customer testing tools.
- Create payloads/exploits to be utilized during Red Team activities.
- Be proficient in using scripting and automation skills to convert manual maintenance and audit functions into orchestrated automation.
- Create artifacts and represent finding to senior managements.
- Collaborate with management to improve policies and procedures to support red team activities and security testing.
- Collaborate with Blue/Purple Team, Engineering, Infrastructure, and Software teams on remediation efforts, evidence gathering, and strategic roadmap planning.
Experience required:
- Experience in network, application, emissions, and physical security.
- Extensive skills in social engineering and intelligence gathering.
- Strong experience with custom scripting (python, PowerShell, bash, etc.) and process automation.
- Hands-on experience using tools such as Kali, Armitage, Cobalt Strike, Nmap ,Metasploit, Qualys, Nessus, Burp Suite, Wireshark, Bloodhound, Recon-NG, Netsparker, Ettercap/Bettercap, Hashcat, Ida Pro, Ghidra, Sublist3r, Rubeus, Mimikatz, CrackMapExec, Exploitdb, Yersinia, Impacket, etc.).
- Knowledge of Open Source intelligence, the Dark Web, and strong knowledge of threat actor TTP's.
- Deep knowledge of database security testing (MSSQL, DB2, MySQL, etc.).
- Knowledge of MacOS, Windows, Unix, Cisco, and Mainframes, platforms, and controls.
