Cargando...
Compartir esta oferta de trabajo
Enviar candidatura ahora »

Join us as a Red Team Operator!

Join us as a Red Team Operator!

 

As part of the global Attack Surface Assessment team, we are seeking a security tester with experience in delivering red team operations to assist our organization in assessing the effectiveness of, and making recommendations for the security controls required for digital assets in order to meet the Deloitte risk appetite.

 

The Deloitte Global Cybersecurity function is responsible for the firm’s overall objectives of enhancing data protection, standardizing and securing critical infrastructure and gaining cyber visibility through security operations center. The Cybersecurity organization delivers a comprehensive set of cybersecurity services to Deloitte member firms through regional delivery hubs and a Global Fusion Center. We are seeking a Red Team Operator to join this team.

 

The formalized red team conducts campaigns at a global scale, assessing the effectiveness of, and making recommendations for the security controls required for digital assets in order to meet the Deloitte Network’s risk appetite.

 

The Red Team operator will be responsible for day-to-day execution of the Red team campaign objectives among other Red Team service offerings. The candidate being sought should be a creative, self-motivated, highly energetic and results oriented individual passionate about Offensive Security.

 

Illustrative Duties and Responsibilities:

Strategic

  • Assists in developing, delivering and enhancing red team exercises and training across the global network
  • Take a vested interest in continuous skillset development
  • Work as a partner with our security counterparts to grow and mature as an organization  

 

Operational

  • Build and execute covert Red Team operations on a regular basis
  • Develop operational process, field manuals and attack methodologies to streamline the engagement execution process
  • Ensure deliverables are of a quality nature and provide practical intelligence to help Deloitte remediate security flaws identified
  • Assists in the management of the Attack Platform and implementation of new tools and techniques
  • Escalates key risks and issues to the Red Team Lead which need special attention or hold urgency

 

Relationship Management

  • Works closely with the rest of the Red Team Operators to drive completion of campaign objectives
  • Aligns and collaborates with other cyber services to derive learning and training from red team exercises so the organisation can continually improve its risk posture

 

Expectations from the Candidate:

Our purpose is to make an impact that matters and our aspiration is to be the undisputed leader in professional services. At the root of these goals are our Shared Values, which describe the distinctive Deloitte culture. Our Values are timeless, all-encompassing and embrace the cultures in which Deloitte member firms operate. We expect all professionals to live our purpose and shared values and be the brand ambassadors holding Deloitte Global and member firms together.

 

Integrity

At Deloitte everything we do starts with integrity. In our marketplace, nothing is more important than our reputation and, accordingly, we commit to conducting business with honesty, distinctive quality, and high levels of professional behaviour.

 

Outstanding value to markets and clients 

We play a critical role in helping both the capital markets and our member firm clients operate more effectively. We consider this role a privilege, and we know it requires constant vigilance and unrelenting commitment.

 

Commitment to each other

We are proud of our culture of borderless collegiality and work hard to support our people. We strive to create an inclusive environment that reflects our strong, clear expectations about diversity, respect, and fair treatment.

 

Strength from cultural diversity

Our member firm clients' business challenges are complex and benefit from the innovation and varied perspectives that our practitioners bring. We understand that working with people of different backgrounds, cultures, and thinking styles helps our people grow into better professionals and leaders. 

 

Qualifications & Skills:

Education

  • Degree in Computer Science, Cyber Security, International Cyber Security, or equivalent education experience.
  • Candidates with the requisite work experience below would also be considered

 

Work experience

  • Minimum of 5 years of combined experience in the Information Security / Cybersecurity domain
  • At least 2 years of Pentesting or Red Team experience

 

Certification

  • Industry Standard technical certification required (at least 1) from any of the following: OSCP, OSCE, OSEE, GWAPT, GPEN, or equivalent certifications
  • Experience working on Red team frameworks such as CBEST, TIBER, or with the military would be seen as beneficial

 

Skills/abilities

  • Proficiency with typical technical tooling such as Cobalt Strike, Metasploit, Burp, Nessus, Nmap, Censys, shodan, etc.
  • Experience writing custom payloads
  • Experience building and maintaining attack platforms
  • Familiarity working with the Mitre ATT&CK Framework
  • Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to effectively communicate all security services within the realm of risk management, convey information security topics, policies and standards as well as risk-related concepts to technical and nontechnical audiences at various hierarchical levels
  • Sound knowledge of business management and an expert level of knowledge of penetration testing
  • Experience interacting, presenting and working with C-level executives (CISO, CIO, etc.) and lower business management as well as technical management teams
  • Ability to provide process and service improvements in an effective and professional manner
  • Foundational knowledge and understanding of information security legal and regulatory requirements, such as Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA), GDPR and Payment Card Industry/Data Security Standard
  • Knowledge of common information security management frameworks, such as ISO/IEC 27001, COBIT, and NIST, including 800-53 and the Cybersecurity Framework
  • Ability to backup Red Team Lead when required
  • Ability to travel as needed up to 10%
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.
Población:  Madrid
Tipo de Puesto:  Profesionales Con Experiencia
Línea de Servicio:  Riesgos
Req Id:  16887

Enviar candidatura ahora »