We are seeking a Penetration Tester to develop and implement a Red Team/Hunt function. The selected candidate must have previous Red Team/Hunt experience and meet the competency of a mid to senior level penetration tester. The position will be responsible for performing test-based assessments of client infrastructures using standard hacking methodologies. The candidate will maintain the highest ethical standards and adherence to established rules of engagement. The candidate should have excellent communication skills, both written and oral, and have the ability to interact successfully with clients from the executive level down in both structured and unstructured situations.
- Assist with development of Red Team/Hunt processes, procedures, metrics and test schedule
- Assist with identification of technology required to perform Red Team function
- Assist with development of Threat Hunting function that leverages threat intelligence and Indicators of Compromise (IOCs) to detect threats, identify security gaps and improve SOC operations.
- Provide on the job training to Red Team/Hunt team and coordinate tasking for team members
- Assist with development and maintenance of adversary campaign tactics for Red Team use.
- Perform application and infrastructure based penetration tests.
- Perform physical security review.
- Perform social engineering tests.
- Perform reviews and audits of information security programs and processes as required, covering web application and services, applications software, and computer networks.
- Develop scripts and programs for penetration test automation.
- Have understanding of, and experience in, evaluating nation-state, hacktivists, and cybercriminal capabilities and activity.
- Communicate to team members and senior leadership cyber risk(s) to the enterprise though operational briefings and penetration test reports.
- Ability to identify trends in cyberspace with regards to adversary tactics, techniques, and procedures, targeting, malware development and implementation.
- Track metrics and trend analysis on discovered attacks, vulnerabilities, and mitigations.
- Proactively research emerging cyber threats. Apply analytical understanding of hacker methodologies and tactics, system vulnerabilities and key indicators of attacks and exploits.
- Perform network traffic analysis utilizing raw packet data, net flow, IDS, and custom sensor output as it pertains to the cyber security of communications networks.
- Utilize understanding of attack signatures, tactics, techniques and procedures associated with advanced threats.
- Located at the client site in a leadership role representing Leidos Commercial Cyber Solutions.
- Strong cyber threat intelligence and information security experience in complex organizations.
- Previous penetration testing experience and familiarity with commonly used tools and tactics.
- Familiarity with cyber security threats, defenses, motivations and techniques.
- Familiarity with security concerns facing large enterprises.
- Experience with offensive security analysis tools and tactics.
- Experience performing open source research.
- Experience distilling raw information into actionable intelligence.
- Proficiency with Microsoft Office, PowerPoint and Microsoft Publisher.
- Familiarity with Python, Perl, or Ruby.
- Must be self-starter, eager to take the initiative.
- Operational understanding of TCP/IP and computer networking. Knowledge of the functions of security technologies such as IPS/IDS, Firewalls, Security Information and Event Management tools, etc a plus.
- Possession of industry standard certification such as OSCP, CEH, GPEN and/or other relevant penetration testing related certifications a plus.
- Familiarity with the creation of Metasploit modules a plus.
- Familiarity with public cloud architectures and SOC operations that support public cloud operating models.
- Preferred skills include experience with Operational Technology testing (ie. ICS, PCN, SCADA, etc).
Capgemini is an Equal Opportunity Employer encouraging diversity in the workplace. All qualified applicants will receive consideration for employment without regard to race, national origin, gender identity/expression, age, religion, disability, sexual orientation, genetics, veteran status, marital status or any other characteristic protected by law.
This is a general description of the Duties, Responsibilities and Qualifications required for this position. Physical, mental, sensory or environmental demands may be referenced in an attempt to communicate the manner in which this position traditionally is performed. Whenever necessary to provide individuals with disabilities an equal employment opportunity, Capgemini will consider reasonable accommodations that might involve varying job requirements and/or changing the way this job is performed, provided that such accommodations do not pose an undue hardship.
Click the following link for more information on your rights as an Applicant – http://www.capgemini.com/resources/equal-employment-opportunity-is-the-law
A global leader in consulting, technology services and digital transformation, Capgemini is at the forefront of innovation to address the entire breadth of clients’ opportunities in the evolving world of cloud, digital and platforms. Building on its strong 50-year heritage and deep industry-specific expertise, Capgemini enables organizations to realize their business ambitions through an array of services from strategy to operations. Capgemini is driven by the conviction that the business value of technology comes from and through people. It is a multicultural company of 200,000 team members in over 40 countries. The Group reported 2017 global revenues of EUR 12.8 billion (about $14.4 billion USD at 2017 average rate).
Visit us at www.capgemini.com. People matter, results count.