Senior/Lead Red Team Engineer

REDLattice is a dynamic company looking for engineers in the midst of amazing growth. Culture and employee happiness is our focus, which is why we sponsor many social events including game nights, CTF's, happy hours and outings. We offer top-notch benefits and employee ownership that makes offers from our company above others. In addition, REDLattice was voted one of Washingtonian's Top 50 Employers and Washington Business Journal's Top 100 Employers in 2019. We need talented folks who want to work on the forefront of cyber. Our positions are mission focused and operational in nature. As an Implant Java Software Engineer, projects will be undertaken in small teams with close coordination with customers to develop new or enhance existing tools.

REDLattice Inc. is an Equal Opportunity/Affirmative Action Employer. We consider applicants without regard to race, color, religion, age, national origin, ancestry, ethnicity, gender, gender identity, gender expression, sexual orientation, marital status, veteran status, disability, genetic information, citizenship status, or membership in any other group protected by federal, state or local law.

Disclaimer: This job description indicates in general the nature and levels of work, knowledge, skills, abilities and other essential functions (as covered under the Americans with Disabilities Act) expected of an incumbent. It is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities required of an incumbent. An incumbent may be asked to perform other duties as required.

As a senior member of the Red Team, you will be responsible to lead in the design and execution of adversarial based security testing of various targets. Successful candidates must be capable of evaluating environments, applications, systems or processes to discover weaknesses, and subse-quently leverage those discoveries into actionable real world attack strategies. Will provide leader-ship and guidance to advance the operational capabilities of the team and its subsequent ability to evaluate risk to the enterprise.

* Demonstrate an ability to structure a Red Team and optimize it for execution, including programmatic improvements to fill in gaps with the existing team.

* Perform and lead a full scope of Red Team testing; including network penetration, web ap-plication testing, threat analysis, wireless network assessments, social-engineering testing, and IDS/IPS/Antivirus evasion techniques.

* Utilize knowledge of operating systems, networking protocols, firewalls, databases, firm-ware, middleware, applications, forensic analysis, scripting, and programming to perform adversarial based security engagements.

* Develop comprehensive and accurate reports and presentations for both technical and exec-utive audiences.

* Mentor and lead junior technical operators and clearly translate highly technical information to senior management in a way that supports mission goals.

* Help define the Red Team strategy to further enhance the organization's security posture.

* Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel.

* Provide risk-appropriate and pragmatic recommendations to correct vulnerabilities found.

* Configure and safely utilize attacker tools, tactics, and procedures to improve the security posture of mission systems.

* Develop scripts, tools, or methodologies to enhance the Red Team processes.

Required:

* Bachelor's degree and 15 years of work experience or Master's Degree and 10 years of work experience.

* Experience in network penetration testing and manipulation of network infrastructure.

* Sensitive

* Experience in shell scripting or automation of simple tasks using Perl, Python, or Ruby.

* Experience developing, extending, or modifying exploits, shellcode or exploit tools.

* Experience with Red, Blue, or Purple teaming exercises.

* Working knowledge of exfiltration and lateral movement tradecraft.

* Working knowledge of OSINT collection/ reconnaissance techniques for target selection.

* Strong attention to detail with analytical and problem-solving skills.

* Knowledge of tools used for web application and network security testing, such as Kali Linux, Metasploit, Burp suite, Cobalt Strike, Bloodhound, Powershell Empire, Nessus, Web Inspect, NMAP, Nikto, Sqlmap, etc.

* 8570 Level 3 IAT certification.

Desired:

* A degree in a technical field (Computer Science, IT Engineering, etc).

* Solid understanding of common hosting environments such as containerization platforms (e.g., Docker and Kubernetes) and virtual machines running under hypervisors.

* Experience with source code review for control flow and security flaws.

* An implementation level familiarity with all common classes of modern exploitation such as: XSS, XMLi, SQLi, Deserialization Attacks, etc.

* Thorough understanding of network protocols, data on the wire, and covert channels.

* Mastery of Unix/Linux/Mac/Windows operating systems, including bash and Powershell.

* Experience in mobile and/or web application assessments.

* Experience in email, phone, or physical social-engineering assessments.

* Programming skills as well as the ability to read and assess applications written in multiple languages, such as JAVA, .NET, C#, or others.

* Emulate ransomware and advanced persistent threats (APT) in support of Threat Hunt.

* Industry certifications such as OSCP/OSCE, OSWE, GPEN, GCIH, GWAPT, or GXPN.

REDLattice is a mission-focused provider of technology and services for CNO and non-traditional mission support. Since 2012, we have helped our customers deliver mission success and solve some of their most complex challenges.

We provide full spectrum capabilities from finding vulnerabilities in target systems to deploying global infrastructure. Our expertise in vulnerability research (VR), tool development, malware analysis, reverse engineering (RE), and advanced operational capabilities allow us unparalleled ability to support our customers.

We are defined by our ability to rapidly design, develop, and implement cutting edge solutions.