Attack Simulation Operator - Remote (Anywhere in the U.S.)

Remote

GuidePoint Security LLC


GuidePoint Security provides trusted cybersecurity expertise, solutions and services that help organizations make better decisions and minimize risk. By taking a three-tiered, holistic approach for evaluating security posture and ecosystems, GuidePoint enables some of the nation’s top organizations, such as Fortune 500 companies and U.S. government agencies, to identify threats, optimize resources and integrate best-fit solutions that mitigate risk.

Overview

GuidePoint Security’s Managed Penetration Testing (MPT) services combine the benefits of the latest in continuous attack simulation technology with our seasoned team of expert penetration testers and red teamers. As an Attack Simulation Operator, you will be tasked with the effective operation of our MPT platform to ensure our clients benefit from our unique approach. Additionally, you will identify and validate vulnerability at speed and scale to assist our clients in making meaningful and measurable improvements in their risk posture.

Description

As an Attack Simulation Operator, you will:

  • Monitor in-scope client environment for vulnerabilities, including monitoring of real-time channels or dashboards, periodic reports, email inboxes, help desk or their ticketing systems, telephone calls, chat sessions, etc.
  • Follow defined procedures to perform triage of potential vulnerabilities to validate and determine mitigation path
  • Escalate high/severe or abnormal findings to senior staff
  • Maintain situational awareness of the client's technology architecture, known weaknesses, solutions used for monitoring and threat intelligence, and any recent security events
  • Ensure that identified vulnerabilities are promptly validated and thoroughly investigated
  • Provide ongoing analysis, incident detection, and manage escalations using documented procedures
  • Devise and document new procedures and runbooks/playbooks as directed
  • Maintain established Service Level Agreements (SLAs)
  • Maintain compliance with processes, runbooks, templates, and procedures based on experience and best practices
  • Continuously help to improve the service by identifying and correcting issues or gaps in knowledge (analysis procedures, plays, client network models), false-positive tuning, etc.
  • Perform peer reviews and consultations with other operators regarding potential vulnerabilities
  • Serve as a subject matter expert in at least one security-related area (e.g., specific tools such as Pentera, AttackIQ, Cymulate, SafeBreach, etc.)
  • Actively seek self-improvement through continuous learning and pursuing advancement to Security Analyst or Consultant
  • Stay current on vulnerability trends, zero-days, and other relevant information related to pen testing and remediation
  • Provide status and metric reporting
  • Perform regular reviews with customers
  • Support weekly operations calls
  • Adhere to internal operational security and other GuidePoint policies
  • Perform light project work as assigned
  • 10-25% Travel

Education, Credentials, and Experience

Required

  • Familiarity with offensive security tools used for network and application penetration testing
  • 1+ year working in a SOC and/or strong security technology operations experience
  • Experience in security technologies such as automated penetration testing tools, Security Information and Event Management (SIEM), IDS/IPS, Data Loss Prevention (DLP), Proxy, Web Application Firewall (WAF), Endpoint Detection and Response (EDR), Anti-Virus, Sandboxing, network- and host-based firewalls, Threat Intelligence, etc.
  • Knowledge of Advanced Persistent Threat (APT) tactics, techniques, and procedures
  • Understanding of possible attack activities such as network probing/scanning, DDoS, malicious code activity, etc.
  • Understanding of common IT and network infrastructure devices such as routers and switches
  • Understanding of fundamental networking protocols such as TCP/IP, DNS, HTTP
  • Understanding of various operating systems (e.g., Microsoft, UNIX, etc.)
  • Basic knowledge of system security architecture and security solutions
  • Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future

Preferred

  • CEH or equivalent, and in pursuit of OSCP
  • Excellent interpersonal and organizational skills
  • Excellent oral and written communication skills
  • Strong analytical and problem-solving skills
  • Self-motivated to improve knowledge and skills
  • A strong desire to understand the what, as well as the why and how of information security

Knowledge, Skills, and Abilities

Technical

  • Assess network security postures for enterprise-level infrastructures by utilizing industry-standard approaches for conducting vulnerability assessments and penetration testing
  • Possess in-depth knowledge of formal assessment methodologies, as well as when to use intuition to creatively deviate from established processes
  • Identify common vulnerabilities through the use of automated tools and practical analysis.
  • Identify obscure vulnerabilities by leveraging your expertise through manual analysis.
  • Perform safe and reliable exploitation (to the extent possible) for exploitable vulnerabilities
  • Understand network, operating system, and application-based detective and preventative controls and evade and/or circumvent such controls effectively.
  • Quickly and efficiently perform post-exploitation activities to fully demonstrate the impact of compromise.
  • Mastery of commercial tools, such as Nessus, BurpSuite Pro, and Maltego (or equivalent) and familiarity with tools such as Shellter, CobaltStrike, and Breach and Attack Simulation tools (e.g., AttackIQ)
  • Mastery of common open-source tools, such as Nmap, Metasploit, and the Kali Linux Suite (or equivalent)
  • Proficient with scripting languages, such as Ruby, Python, Bash, PowerShell, etc.
  • Proven ability to write code to solve problems and automate tedious and time-consuming tasks during assessments
  • Exploit development and reverse engineering experience is strongly preferred.
  • Assess wireless infrastructures and clients that utilize technologies including 802.11, Zigbee, RFID, and Bluetooth
  • Proficiency with web application attacks (e.g., OWASP Top 10) is strongly preferred.
  • Understanding of modern cloud architectures and common cloud service provider services and offerings
  • Excels at both remote (phishing and vishing) and onsite/in-person social engineering attacks, with a focus on obtaining sensitive information, physical access, and/or logical access
  • Physical security skills are strongly preferred, including lock picking, evasion of defensive controls, obtaining unauthorized access, and collecting sensitive information.
  • Possess a solid understanding of TCP/IP, networking technologies, network segmentation, and vendor-specific technologies, such as Cisco and Juniper
  • Possess a solid understanding of firewall concepts and vendor-specific technologies, such as Cisco, Palo Alto, and Checkpoint
  • Possess a solid understanding of operating systems, such as Microsoft, Linux, and various Unix variants, as well as supporting technologies, such as Active Directory and LDAP
  • Possess a solid understanding of databases, including vendor-specific technologies, such as MS SQL Server, Oracle, MySQL, and PostgreSQL
  • Capable of assessing hardware/IoT devices, including firmware analysis
  • Desire to initiate and conduct research projects
  • Familiarity with automation tools such as Ansible

Business / Professional

  • Ability to think outside the box when presented with complex problems
  • Contributions to the information security community are strongly preferred, such as conference speaking, blog articles/white papers, and/or podcasts.
  • Prizes continuous improvement and desires to aid with practice development as much as personal growth
  • Possess a desire to mentor other team members and have a passion for sharing knowledge
  • Ability to professionally interact with clients and maintain composure while resolving difficult situations
  • Self-motivated and able to work independently, as well as being a reliable addition to team projects
  • Ability to effectively multitask and efficiently manage time when simultaneously working on multiple projects
  • Highly reliable and able to complete complex projects without significant oversight or supervision
  • Possess a firm understanding of the concept of risk as it relates to a business
  • Strong verbal communication skills, including clearly articulating thoughts, being persuasive, and delivering presentations and training to technical audiences and all management levels.
  • Excellent written communication skills for preparing formal deliverables, performing quality assurance reviews, and technical oversight for peers, proposals, training content, and white papers/blog articles
  • Comfortable interacting with executive management and conveying technical findings in an appropriate business context

Why GuidePoint?

GuidePoint Security is a rapidly growing, profitable, privately-held value added reseller that focuses exclusively on Information Security. Since its inception in 2011, GuidePoint has grown to over 750 employees, established strategic partnerships with leading security vendors, and serves as a trusted advisor to more than 3,000 Enterprise-Level customers.

Firmly-defined core values drive all aspects of the business, which have been paramount to the company’s success and establishment of an enjoyable workplace atmosphere. At GuidePoint, your colleagues are knowledgeable, skilled, and experienced and will seek to collaborate and provide mentorship and guidance at every opportunity.

This is a unique and rare opportunity to grow your career along with one of the fastest growing companies in the nation.

Some added perks…

  • Remote workforce primarily (U.S. based only, some travel may be required for certain positions, working on-site may be required for Federal positions)
  • 100% employer-paid medical and dental premiums with generous employer family contributions
  • 12 corporate holidays starting in 2023 and a Flexible Time Off (FTO) program
  • Healthy mobile phone and home internet allowance
  • Eligibility for retirement plan after 2 months at open enrollment
  • Pet Care plan
