Job Description

About The Role

The Sr. Security Researcher is responsible for leading and executing offensive security assessments (red teaming) against the organization's systems and networks. This role will leverage advanced penetration testing, social engineering, and other offensive security techniques to identify and exploit vulnerabilities, simulate real-world threats, and enhance the organization's overall security posture.

Responsibilities

• Lead and execute red team engagements:
• Develop and execute comprehensive red team assessments, including reconnaissance, vulnerability scanning, exploitation, and post-exploitation activities.
• Lead and mentor junior red team members, providing guidance, training, and hands-on experience.
• Develop and maintain red team methodologies, tools, and infrastructure.
• Conduct threat modeling and risk assessments to identify potential attack vectors and prioritize targets.
• Develop and execute social engineering campaigns, including phishing, vishing, and physical penetration tests.
• Vulnerability research and exploitation:
• Stay abreast of the latest threat intelligence, vulnerabilities, and exploits.
• Research and develop new exploitation techniques and tools.
• Conduct in-depth analysis of vulnerabilities and their potential impact.
• Reporting and communication:
• Prepare detailed and concise reports documenting red team findings, including technical details, impact assessments, and remediation recommendations.
• Effectively communicate findings to technical and non-technical audiences, including senior management.
• Present findings and recommendations at security forums and conferences (optional).
• Security awareness and training:
• Develop and deliver security awareness training programs to employees on topics such as social engineering, phishing, and secure coding practices.
• Conduct security awareness campaigns to raise employee awareness of security threats and best practices.
• Collaboration:
• Collaborate with other security teams (e.g., blue team, incident response) to improve overall security posture.
• Work with development teams to identify and remediate security vulnerabilities in applications and systems.
• Build and maintain relationships with external security researchers and the cybersecurity community.

Skills and Qualifications

• Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience).
• 5+ years of experience in cybersecurity, with 3+ years of hands-on experience in penetration testing, red teaming.
• Understanding of blended attacks.
• Proven experience leading and mentoring junior security professionals.
• Strong understanding of networking, systems administration, and programming concepts.
• Expertise in penetration testing methodologies and tools (e.g., Cobalt Strike, Outflank, Sliver, PowerShell Empire, Metasploit, Kali Linux, Nmap).
• Proficiency in scripting languages (e.g., Python, Ruby, PowerShell).
• Strong understanding of network protocols (e.g., TCP/IP, DNS).
• Experience with vulnerability scanners, intrusion detection systems, and firewalls.
• Experience with cloud security (e.g., AWS, Azure, GCP) is a plus.
• Relevant security certifications (e.g., RTO I, RTO II, OSCP, OSCE, GPEN, CRTP) are highly desired.
• Excellent analytical and problem-solving skills.
• Strong communication and interpersonal skills.
• Ability to work independently and as part of a team.
• Strong attention to detail and accuracy.
• Ability to adapt to new technologies and challenges.
• Project Management.

Job Tags

Similar Jobs