Back to search results

Penetration Tester (Red Team)

Denver, Colorado;

Job Description:

The Adaptive Threat Replication (aka Red) team within the Cyber Security Defense division of GIS is looking for a talented and experienced engineer to join a team of world-class offensive security (Red Team) talent.  This engineer will assist in mentoring, training, and actively testing with a suite of teams who validate controls, test technologies, replicate threats, and research emerging threats.  The engineer in this role is expected to provide technical expertise to junior engineers, coordinate with senior leadership on development projects, and assisting the monitoring and response function understand the techniques used so those functions can practice and improve their capability to respond and recover against a realistic threat actor. The engineer in this role should be equally capable of operating on an assessment and mentoring less experienced subordinates. 

  • Must have experience effectively interacting with a diverse set of personalities and talent
  • Must be able to effectively communicate to anyone in the organization, from the most technical operator to the least technical business partner
  • Must be very proficient with the common tools associated with penetration testing (Metasploit (preferred), Burp Suite, Cobalt Strike, etc.)
  • Must have a solid understanding of voice and data networks, major operating systems, active directory, and their associated peripherals
  • Must demonstrate knowledge of tactics, techniques, and procedures associated with malicious insider activity, organized crime/fraud groups and both state and non-state sponsored threat actors.
  • Must be able to critically examine an organization and system through the perspective of a threat actor and articulate risk in clear, precise terms.
  • Ability to effectively code in a scripting language (Python, Perl, etc.)
  • Should have 4+ years of experience
  • Desirable certifications:  OSCP, GPEN, OSCE
  • Prefer previous experience working in the financial industry

Enterprise Position overview:

Analyzes, improves, implements, and executes security controls proactively to prevent external threat actors from infiltrating company information or systems. Researches more advanced and complex attempts/efforts to compromise security protocols. Maintains or reviews security systems, assesses security policies that control access to systems, and provides regular status updates to the management team. Typically has 5-10 years of relevant experience and will act as an individual contributor.

Shift:

1st shift (United States of America)

Hours Per Week: 

40

Learn more about this role

Full time

JR-20012469

Manages People: No

Travel: Yes, 5% of the time

Manager:

Talent Acquisition Contact:

Referral Bonus: