Job Details

• Identify and mimic the tactics, techniques and procedures of threat actors or threat groups, and the campaigns they execute against similar organizations or industries
• Combine cyber threat intelligence with vulnerabilities to simulate relevant threats, evaluate client incident response (IR) capabilities, help security operations teams prepare for worst-case scenarios
• Deliver key findings and improvement suggestions to determine if systems and infrastructure are properly tooled and resourced to defend against sophisticated attackers
• Foster security awareness culture, mentor team members, perform presentations and demonstrate hacking techniques
• Publish relevant security standards, practices, guidelines and processes
• Research and integrate tools, processes and techniques to improve vulnerability analysis, forensics capabilities, network and data security, and threat management
• Effectively communicate findings to stakeholders at all levels across the organization
• Conduct research, penetration testing, and vulnerability assessments on external-facing resources and internal assets to determine risks
• Maintain regular focus on latest industry techniques, tools and research; be able to develop and explain technical decisions and separate fact from opinion and speculation
• Improve overall cyber resilience to the next level of maturity and effectiveness

• Knowledge of advanced cyber threats, adversary methodologies, and cyber threat intelligence
• Experience writing code in one or more programming language (Python, C/C++, JavaScript, Java, etc.)
• Related certifications such as the OSCP or CEH
• 2+ years of experience on coordination and execution of Web application, network, and system penetration tests with good understanding of OWASP TOP 25
• Knowledge of ATT&CK and its uses within the cybersecurity community (e.g., Open Source projects)
• Experience with encryption protocols (i.e., SSL/TLS) and algorithms (RSA, AES, etc.)
• Familiarity with attack emulation/penetration tools, ie. APT Simulator and Metasploit
• Expertise on application security including web application penetration testing and debugging and reverse engineering
• Experience in red teaming, penetration testing, exploitation
• Experience in incident response (hunt), blue teaming
• Must be a strong technical leader in the analysis of information security vulnerabilities
• Good project management skills and familiarity with ensuring security by design inside of a System Development Life Cycle (SDLC) process.

Reference ID - GH/EPC/JC//21112019//87824/Adversary Simulation Specialist