Red Team Engineer
Leading uniquely at the intersection point of technology and social good, Blackbaud provides software, services, expertise, and data intelligence that empowers and connects people to advance the social good movement. We serve the entire social good community, which includes nonprofits, foundation, corporations, education institutions, and the individual change agents who support them. We work with over 40,000 organizations, helping them realize their goals, fund their missions, manage their operations, and develop long-lasting supporter relationships. Our customers are passionate about making the world a better place, and we’re inspired by the opportunity to help them.
The Red Team Security Engineer reports to the Senior Manager of Information Security and is responsible for testing and validating all faucets of information security controls including networks, servers and web applications. The Red Team Security Engineer carries out attacks and perform security assessments to uncover vulnerable areas of systems and applications and to test defensive security measures using common as well as unique methods and practices.
What you’ll do:
- Participate in Red/Blue Team exercises on a periodic basis so that management can assess effectiveness of security controls.
- Conduct penetration testing for the red team which includes: network, system, application, mobile, traditional web and wireless penetration testing.
- Writing exploit code for local testing.
- Perform thorough penetration testing that includes the identification, reporting, and recommendations for security vulnerabilities while adhering to management driven scope and deadlines.
- Identify, prove, and report vulnerabilities that cannot be identified by scanners or tools
- Develop, extend, or modify exploits, shellcode or exploit tools.
- Develop applications in C#, ASP, .NET, ObjectiveC, Go, or Java (J2EE).
- Reverse engineering malware, data obfuscators, or ciphers.
- Source code review for control flow and security flaws.
- Develop attack vectors, conduct reconnaissance, collect Open-source intelligence, enumeration, and foot printing of target networks and services, and develop exploit payloads and system backdoors.
- Simulate malicious tactics of a motivated adversary with the intent of achieving a specific goal or access.
- Develop on-going Technology Risk reporting, monitoring key trends and defining metrics to regularly measure control effectiveness for own area.
- Influence behavior to reduce risk and foster a strong technology risk management culture throughout the enterprise.
- Obtain threat intelligence from white hat sources and stay up to date on the latest exploits and security trends
- Advise Incident Response on defensive and monitoring process design.
- Deliver clear and coherent written reporting and remediation guidance.
What we’ll want you to have:
- College degree in Computer Information Systems, Computer Science, Information Systems Management, or equivalent professional experience.
- A minimum of five (5) years (in excess of degree requirements stated above) of experience with technical Cyber Security and three (3) years with Red Team or penetration testing experience.
- Demonstrates broad subject matter expertise of web, network, and system security.
- Certification in highly technical information security disciplines such as: CISM, CISSP, CCSP, CCNP, CCDE, CCIE Security, GIAC, CEH, GPEN, GWAPT, GXPN or OSCP certification(s)
Why you’ll want to come work here:
- Competitive salary (commission/bonus based on type of role), 4 weeks paid time off, great benefits (medical, dental, vision, FSA), 401K match
- Gift matching, volunteer for vacation program, and endless community involvement opportunities
- Named to Forbes’ Fast Tech 25 and Fortune’s Change the World List; we are growing and offer incredible opportunity for advancement
- Tremendous company culture and office perks like onsite gym, free snacks, café, and cutting-edge new headquarters to be completed in 2018
Blackbaud is proud to be an equal opportunity employer and is committed to maintaining a diverse and inclusive work environment. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, physical or mental disability, age, or veteran status or any other basis protected by federal, state, or local law.
To all recruitment agencies: We do not accept unsolicited agency resumes and are not responsible for any fees related to unsolicited resumes.