Red Team Security Engineer at Blackbaud
The Red Team Security Engineer reports to the Senior Manager of Information Security and is responsible for testing and validating all faucets of information security controls including networks, servers and web applications. The Red Team Security Engineer carries out attacks and perform security assessments to uncover vulnerable areas of systems and applications and to test defensive security measures using common as well as unique methods and practices.
What you’ll do:
- Participate in Red/Blue Team exercises on a periodic basis so that management can assess effectiveness of security controls.
- Conduct penetration testing for the red team which includes: network, system, application, mobile, traditional web and wireless penetration testing.
- Writing exploit code for local testing.
- Perform thorough penetration testing that includes the identification, reporting, and recommendations for security vulnerabilities while adhering to management driven scope and deadlines.
- Identify, prove, and report vulnerabilities that cannot be identified by scanners or tools
- Develop, extend, or modify exploits, shellcode or exploit tools.
- Develop applications in C#, ASP, .NET, ObjectiveC, Go, or Java (J2EE).
- Reverse engineering malware, data obfuscators, or ciphers.
- Source code review for control flow and security flaws.
- Develop attack vectors, conduct reconnaissance, collect Open-source intelligence, enumeration, and foot printing of target networks and services, and develop exploit payloads and system backdoors.
- Simulate malicious tactics of a motivated adversary with the intent of achieving a specific goal or access.
- Develop on-going Technology Risk reporting, monitoring key trends and defining metrics to regularly measure control effectiveness for own area.
- Influence behavior to reduce risk and foster a strong technology risk management culture throughout the enterprise.
- Obtain threat intelligence from white hat sources and stay up to date on the latest exploits and security trends
- Advise Incident Response on defensive and monitoring process design.
- Deliver clear and coherent written reporting and remediation guidance.
What we’ll want you to have:
- College degree in Computer Information Systems, Computer Science, Information Systems Management, or equivalent professional experience.
- A minimum of five (5) years (in excess of degree requirements stated above) of experience with technical Cyber Security and three (3) years with Red Team or penetration testing experience.
- Demonstrates broad subject matter expertise of web, network, and system security.
- Certification in highly technical information security disciplines such as: CISM, CISSP, CCSP, CCNP, CCDE, CCIE Security, GIAC, CEH, GPEN, GWAPT, GXPN or OSCP certification(s)