Senior Red Team Engineer
US Remote
Box
Box empowers your teams by making it easy to work with people inside and outside your organization, protect your valuable content, and connect all your apps.

The Red Team Engineer will provide adversarial services, including engaging in operations of varying complexity and length to test security architecture, security tools, configurations, and SIRT response to incidents. The Red Team Engineer will also partner with Blue Team members to Purple Team test security tools and detections. This role will have the opportunity to collaborate across Box as a whole, providing expertise and real-world adversarial group experience to product, architecture, and operational teams at Box.
WHAT YOU'LL DO

Responsibilities:
- Consult on, design, and execute adversary emulation operations
- Conduct research into real-world threat actor tactics, techniques, and procedures to develop proof-of-concept tools and playbooks
- Partner with the SIRT and other stakeholders in the organization to identify security posture improvement opportunities
- Collaborate with the Threat Operations Team (Threat Intelligence, Detection, and Threat Hunting) on threat analysis and research
- Present findings and operational work to groups in a clear and professional manner
- Study the techniques of Threat Actors, and apply that lens to operational work

Experience:
- Minimum five (5) years of experience operating in a technical red team or pen tester capacity
- Bachelor's degree in Information Technology, related discipline or relevant work experience
- Relevant Technical Security Certifications (GIAC, EC-Council, Offensive Security, etc.)
- Familiarity with MITRE ATT&CK and how it's applied by both Red and Blue Teams
- Project management, cross-team coordination and driving organizational change
- 3+ years experience in the following areas:
- Network penetration testing and manipulation of network infrastructure
- Mobile and/or web application assessments
- Email, phone, or physical social-engineering assessments
- Shell scripting or automation of simple tasks using Perl, Python, or Ruby
- Developing, extending, or modifying exploits, shellcode or exploit tools
- Source code review for control flow and security flaws
- Bypassing preventative and detective security controls to accomplish operational goals
- Strong knowledge of tools used for wireless, web application, and network security testing

Skills:
- Nominal understanding of regular expressions and proficiency in programming (.NET, C/C++) and scripting languages (e.g. Perl, Java, or Python)
- Familiarity with common C2 frameworks such as Cobalt Strike, Mythic, and Metasploit
- High level of proficiency with Linux/Mac/Windows operating systems, including bash and PowerShell
- Detailed understanding of the TCP/IP networking stack, network technologies and covert channels
- Strong knowledge of full packet capture (PCAP) analysis and accompanying tools (Wireshark, etc.)
- Strong collaborative skills and proven ability to work in a diverse global team of security professionals
- Strong organizational skills and mentoring
- Comfortable with presenting to technical and executive level audiences
- Strong verbal and written skills
- Excellent interpersonal skills

- Visit this webpage to check out all of our exciting healthcare benefits: https://join.collectivehealth.com/box
- For all other benefits, please check out: Box Benefits + Perks
Tags: Automation Bash Blue team C C++ Cloud Cobalt Strike Exploit Exploits GIAC Java Linux Metasploit MITRE ATT&CK Network security Offensive security PCAP Pentesting Perl PowerShell Privacy Python Red team Ruby Scripting TCP/IP Threat intelligence Windows
Perks/benefits: Health care