July 23
• Performing threat analysis and recommends appropriate course of action, mitigation, and remediation in response to security events and trends • Correlates and analyzes threat data from various sources to establish the identity of malicious users active in the computing environment. • Produce and review intelligence summaries accessible to all clients. • Engage with clients across report lifecycle: Initial scoping, finished intelligence delivery, and follow-up review / support • Develop novel, automated, or simpler processes for regular research and analysis • Track cyber threat trends across industries and technologies, and generate better ways to do so • Work on projects across multiple research teams with sometimes tight deadlines • Perform internal and external penetration testing of network infrastructure, applications, and database • Perform web/mobile application, wireless network, and vulnerability assessments • Provide support in design and development of purple team and red team exercises performing adversary simulations to test client controls. • Create comprehensive reports and effectively communicate findings to key stakeholders (technical and/or executive). • Identify and safely apply attacker tactics, techniques, and procedures (TTPs). • Develop scripts, tools, or methodologies to enhance Cyderes’ red teaming processes.
• Certifications such as CISSP, GSEC, GIAC, OSCP, CPT are preferred • 2-3 years of experience in three of the following areas: • Executing network, wireless, web application, and API penetration tests • Experience with Active directory (AD) and Kerberos • Experience conducting vulnerability management and assessments • Experience conducting social engineering assessments • Experience conducting Purple Team and Red Team exercises • Experience with Tenable.IO, Recorded Future, PlexTrac and Cymulate preferred • Experience with programming using one or more of the following: Perl, Python, ruby, bash, C or C++, C#, or Java, including scripting, automation, and editing existing code • Developing, extending, or modifying exploits, shellcode or exploit tools • Reverse engineering malware, data obfuscators, or ciphers • Source code review for control flow and security flaws • General knowledge of the MITRE ATT&CK Framework • Thorough understanding of network protocols, data on the wire, and covert channels • Mastery of Unix/Linux/Mac/Windows operating systems, including bash and PowerShell
Apply NowApril 25
501 - 1000
🇺🇸 United States – Remote
💵 $104k - $130k / year
💰 Venture Round on 2022-02
⏰ Full Time
🟢 Junior
👮♂️ Security Engineer
🚫👨🎓 No degree required
🦅 H1B Visa Sponsor