Senior Red Team Offensive Security Engineer (Remote, EST or CST)
Expiring today
- Recruiter
- Piper Companies
- Location
- United States
- Salary
- USD 180,000.00 - 200,000.00 per year
- Posted
- 21 Nov 2024
- Closes
- 08 Dec 2024
- Ref
- 3702201489205600727
- Job Type
- Security Engineer
- Employer Sector
- Engineering & Electronics
- Contract Type
- Permanent
- Hours
- Full Time
Piper Companies is seeking a Senior Red Team Offensive Security Engineer for an award-winning, publicly traded worldwide Information Technology Organization. The Senior Red Team Offensive Security Engineer must be a US Citizen and have the ability to work EST hours. This role will focus on reverse engineering, penetration testing, and security assessments of all products within the tech stack.
Responsibilities for the Senior Red Team Offensive Security Engineer:
Requirements for the Senior Red Team Offensive Security Engineer:
Compensation for the Senior Red Team Offensive Security Engineer:
SQL Injection (SQLi), Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Remote Code Execution (RCE), Server-Side Request Forgery (SSRF), Broken Authentication, Session Hijacking, Insecure Direct Object References (IDOR), Security Misconfiguration, Sensitive Data Exposure, Input Validation, Privilege Escalation, Web Application Firewall (WAF) Bypass, Zero-Day Exploits, Phishing and Social Engineering, Credential Stuffing, Brute Force Attacks, Man-in-the-Middle (MitM) Attacks, API Security, Content Security Policy (CSP), HTTP Header Security, Subdomain Takeover, Directory Traversal, File Inclusion Vulnerabilities (LFI/RFI), Web Shells eecurity, Threat Intelligence, Vulnerability Assessment, Incident Response
#LI-JQ1
#LI-REMOTE
Responsibilities for the Senior Red Team Offensive Security Engineer:
- Objective Setting: Define the business context, scope, and objectives of the engagement, aligning the Red Team's success criteria with the organization's goals.
- Reconnaissance and Threat Modeling: Gather extensive information about the target, such as IP ranges, domain names, and employee details. Use frameworks like MITRE ATT&CK to model potential threats and assess associated risks.
- Initial Access: Exploit vulnerabilities to gain initial access through techniques such as social engineering, physical attacks, or exploiting external attack surfaces.
- Establish Persistence: Maintain access by setting up backdoors, creating new accounts, and utilizing Command and Control (C2) frameworks.
- Escalation/Lateral Movement: Escalate privileges and move laterally within the organization, using defense evasion techniques and exploiting further vulnerabilities.
- Data Exfiltration: Discover, collect, and exfiltrate target data according to the defined objectives.
- Reporting and Debrief: Present a comprehensive report of findings, including an executive summary, detailed findings, control successes and failures, and recommendations for improvement.
- The tech stack includes: On-Prem (Windows and Linux), Cloud (AWS), IAM (Okta), O365, Slack, and Python
Requirements for the Senior Red Team Offensive Security Engineer:
- At least 5 years of experience as part of a red team performing some of the responsibilities listed above
- Experience in exploit development (or Offensive Programming) and cloud security.
- Experience with C2 frameworks such as Empire, Covenant, Sliver, Merlin, PoshC2, Cobalt Strike, Brute Ratel, or NightHawk
- Prior experience simulating real-world attack scenarios and/or Penetration Testing Web Applications
- Prior Experience working in Unix (Linux), Windows, and or Cloud Environments
- Solid understanding of Python, Go, or a similar language; must be able to code live.
- US Citizenship
Compensation for the Senior Red Team Offensive Security Engineer:
- Salary Range: $180,000 - $200,000
- Full Benefits: Medical, Dental, Vision, 20 days of PTO, and 11 Federal Holidays
- This opportunity is remote but we are only considering candidates in the Eastern Standard or Central Standard Time Zones
- Candidates MUST be US citizens due to the clients supported
SQL Injection (SQLi), Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Remote Code Execution (RCE), Server-Side Request Forgery (SSRF), Broken Authentication, Session Hijacking, Insecure Direct Object References (IDOR), Security Misconfiguration, Sensitive Data Exposure, Input Validation, Privilege Escalation, Web Application Firewall (WAF) Bypass, Zero-Day Exploits, Phishing and Social Engineering, Credential Stuffing, Brute Force Attacks, Man-in-the-Middle (MitM) Attacks, API Security, Content Security Policy (CSP), HTTP Header Security, Subdomain Takeover, Directory Traversal, File Inclusion Vulnerabilities (LFI/RFI), Web Shells eecurity, Threat Intelligence, Vulnerability Assessment, Incident Response
#LI-JQ1
#LI-REMOTE