Senior Red Team Engineer and Developer
Description
Job Summary:
As a Sr. Red Team Engineer & Developer, you will conduct Red Team engagements and proactively uncover security risks, equipping the Global Fusion Center (GFC), and Tokio Marine Group Companies with advanced offensive capabilities to remediate cyber risks. You will rapidly grow to understand the Group Companies’ business priorities and ways Red Team engagements can help to uncover and mitigate cyber risks. You will develop custom tools to bypass EDRs and various detections in addition to performing security research and building infrastructure to further Red Team’s capabilities.
Essential Job Functions:
- Set scope, objectives, and timelines for Red Team engagements and leverage data to create meaningful metrics
- Propose, plan, and execute Red Team engagements based on real-world cyber threats
- Develop tools, methodologies, and infrastructure to support Red Team engagements
- Deliver well-written technical and executive-level Red Team reports and briefings
- Align with counterparts globally including GFC-Japan to build and enforce standards and frameworks pertaining to Red Team engagements and findings
- Present Red Team reports and findings to executives and non-technical audiences
Qualifications:
- 3-5 years Red Team (Adversary Simulation) experience working in a technical role
- Experience conducting hands-on technical Red Team and/or government computer network exploitation/attack operations experience
- Deep knowledge and hands-on experience using, modifying, and customizing red teaming post exploitation frameworks and Command & Control (C2) frameworks
- Experience in developing payloads that bypass A/V and EDR solutions for use in various phases of red team engagements
- Experience in software development, including red teaming tools, custom malware, trojans, shellcode, etc., using low-level languages (C, C++, assembly, etc.). Possess advanced knowledge of Windows & Linux internals, including kernel module development, system calls, and other operating systems internals and how to leverage them for offensive security purposes
- Ability to mentor junior engineers on red team tradecraft
- Experience in professionally delivering technical and executive-level red team reports and briefings
- Knowledge of common bugs or misconfigurations in software and cloud infrastructure (AWS, GCP, and Azure)
- Industry security certification (GPEN, GXPN, OSCE, OSCP, CRTO) preferred
- Fluency in a foreign language is highly desirable, but not required
- Bachelor’s Degree preferred
Salary range $125,000 to $180,000. Ultimate salary offered will be based on factors such as applicant experience and geographic location. Our company offers a competitive benefits package and bonus eligibility on top of base.