Director Cyber Security Red Team
Job Description Meet our professionals CGI:
An employer of choice Position Description Supports the enterprise threat emulation and pen-testing program, which includes but is not limited to evaluating the security of the organization's IT infrastructure by continuously assessing and exploiting vulnerabilities to find out where hacking threats may lie by simulating attacks on networks, firewalls, operating systems, operational technology and web applications to identify vulnerabilities, and report the findings.
Your future duties and responsibilities Develop test procedures and/or document recommendations for test plan modifications that improve validation of cybersecurity controls.
Test procedures may cover a wide range of technically diverse such as but not limited to IP network discovery, password length and complexity requirements and vulnerability exploitation.
Knowledge of APT TTPs and how to replicate their attack methodology.
Ability to work with publicly available exploits and PoC code.
Write penetration testing rules of engagements, test plans, standard operating procedures and reports.
Thoroughly document exploit chain/proof of concept scenarios.
Research and remain up-to-date with new threats and adversary emulation methodologies.
Expertise in testing web applications for common web application security vulnerabilities including input validation vulnerabilities, broken access controls, session management vulnerabilities, cross-site scripting issues, SQL injection and web server configuration issues.
Hands-on expertise with commercial and open-source cyber security tools such as proxies, port scanners, vulnerability scanners, exploit frameworks (ex:
Burp Suite, Nmap, Metasploit, Cobalt Strike, Nexpose/IVM).
Develop comprehensive and accurate reports and presentations for both technical and executive audiences.
Penetration testing experience with web applications, operating systems, network protocols, wireless, mobile, databases and middleware.
Must be willing to travel as needed (10%) Process cyber threat intelligence in accordance with the intelligence cycle:
direction, collection, processing, analysis, dissemination, and feedback from open source, paid subscriptions, and government sources.
The position may require occasional travel to other countries.
Support physical security pen-tests Evaluate system vulnerabilities for Windows, Linux, Unix operating systems, network topologies & infrastructure devices, databases, operational technology and ensure risk remediation before and after vulnerability scans Work effectively with others in the Information & Technology organization, operations in support of security policies and standards.
Must have the ability to manage a small team Required qualifications to be successful in this role Bachelor's degree in technical field (Computer Science, Information Systems, Information Systems Security) or 4
years of equivalent background and experience in red team operations, penetration testing, or cyber threat emulation Experience in security engineering, system and network security, authentication and security protocols, applied cryptography, and application security Network and web-related protocol knowledge (eg, TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols) Understanding security fundamentals and common vulnerabilities such OWASP Top Ten and CIS Critical Security Controls.
Knowledge of OWASP, MITRE ATT&CK, and CIS Critical Security Controls Ability to understand information security risks associated with vulnerability testing, patch management, and secure configuration management.
Experience with common commercial and open source penetration tools such as Kali Linux, Burp Suite Pro, Metasploit and password cracking tools.
Possess planning, interpersonal, and motivational skills, able to write clearly and succinctly in technical and non-technical formats.
Experience in root cause analysis, industry benchmarking, survey evaluation and data interpretation is required.
Have the ability to apply logic and reason to solve complex problems.
Ability to establish and maintain multi-functional and positive working relationships.
Advanced computer skills and proficiency.
Strong interpersonal and networking skills with a solid ability to work in a team environment.
Ability to work under stressful and tight deadlines as well as the ability to lead in a fast-paced environment.
Above average computer hardware and software knowledge.
Ability to multi-task, discerns patterns in detail.
Think through problems for logical solutions and remain calm and professional under stress.
Strong decision-making ability during both crisis and non-crisis situations.
Able to work with highly confidential information.
#CGIFederalJob #LI-NV1 Skills Security Vulnerability Assessment(IAVA) Network Administration What you can expect from us Build your career with us.
It is an extraordinary time to be in business.
As digital.
Estimated Salary: $20 to $28 per hour based on qualifications.
An employer of choice Position Description Supports the enterprise threat emulation and pen-testing program, which includes but is not limited to evaluating the security of the organization's IT infrastructure by continuously assessing and exploiting vulnerabilities to find out where hacking threats may lie by simulating attacks on networks, firewalls, operating systems, operational technology and web applications to identify vulnerabilities, and report the findings.
Your future duties and responsibilities Develop test procedures and/or document recommendations for test plan modifications that improve validation of cybersecurity controls.
Test procedures may cover a wide range of technically diverse such as but not limited to IP network discovery, password length and complexity requirements and vulnerability exploitation.
Knowledge of APT TTPs and how to replicate their attack methodology.
Ability to work with publicly available exploits and PoC code.
Write penetration testing rules of engagements, test plans, standard operating procedures and reports.
Thoroughly document exploit chain/proof of concept scenarios.
Research and remain up-to-date with new threats and adversary emulation methodologies.
Expertise in testing web applications for common web application security vulnerabilities including input validation vulnerabilities, broken access controls, session management vulnerabilities, cross-site scripting issues, SQL injection and web server configuration issues.
Hands-on expertise with commercial and open-source cyber security tools such as proxies, port scanners, vulnerability scanners, exploit frameworks (ex:
Burp Suite, Nmap, Metasploit, Cobalt Strike, Nexpose/IVM).
Develop comprehensive and accurate reports and presentations for both technical and executive audiences.
Penetration testing experience with web applications, operating systems, network protocols, wireless, mobile, databases and middleware.
Must be willing to travel as needed (10%) Process cyber threat intelligence in accordance with the intelligence cycle:
direction, collection, processing, analysis, dissemination, and feedback from open source, paid subscriptions, and government sources.
The position may require occasional travel to other countries.
Support physical security pen-tests Evaluate system vulnerabilities for Windows, Linux, Unix operating systems, network topologies & infrastructure devices, databases, operational technology and ensure risk remediation before and after vulnerability scans Work effectively with others in the Information & Technology organization, operations in support of security policies and standards.
Must have the ability to manage a small team Required qualifications to be successful in this role Bachelor's degree in technical field (Computer Science, Information Systems, Information Systems Security) or 4
years of equivalent background and experience in red team operations, penetration testing, or cyber threat emulation Experience in security engineering, system and network security, authentication and security protocols, applied cryptography, and application security Network and web-related protocol knowledge (eg, TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols) Understanding security fundamentals and common vulnerabilities such OWASP Top Ten and CIS Critical Security Controls.
Knowledge of OWASP, MITRE ATT&CK, and CIS Critical Security Controls Ability to understand information security risks associated with vulnerability testing, patch management, and secure configuration management.
Experience with common commercial and open source penetration tools such as Kali Linux, Burp Suite Pro, Metasploit and password cracking tools.
Possess planning, interpersonal, and motivational skills, able to write clearly and succinctly in technical and non-technical formats.
Experience in root cause analysis, industry benchmarking, survey evaluation and data interpretation is required.
Have the ability to apply logic and reason to solve complex problems.
Ability to establish and maintain multi-functional and positive working relationships.
Advanced computer skills and proficiency.
Strong interpersonal and networking skills with a solid ability to work in a team environment.
Ability to work under stressful and tight deadlines as well as the ability to lead in a fast-paced environment.
Above average computer hardware and software knowledge.
Ability to multi-task, discerns patterns in detail.
Think through problems for logical solutions and remain calm and professional under stress.
Strong decision-making ability during both crisis and non-crisis situations.
Able to work with highly confidential information.
#CGIFederalJob #LI-NV1 Skills Security Vulnerability Assessment(IAVA) Network Administration What you can expect from us Build your career with us.
It is an extraordinary time to be in business.
As digital.
Estimated Salary: $20 to $28 per hour based on qualifications.
|
|
 | |
