Lead Red Team Penetration Tester
OnDefend
Remote
Testing & Assessment
Job Overview
We are seeking a highly skilled and experienced Lead Red Team Penetration tester to join our dynamic team. This role is ideal for someone with a passion for cybersecurity, a deep understanding of offensive security, and the ability to lead and mentor a team of penetration testers. The successful candidate will play a critical role in simulating advanced persistent threats, identifying vulnerabilities, and enhancing our overall security posture.
We are seeking a highly skilled and experienced Lead Red Team Penetration tester to join our dynamic team. This role is ideal for someone with a passion for cybersecurity, a deep understanding of offensive security, and the ability to lead and mentor a team of penetration testers. The successful candidate will play a critical role in simulating advanced persistent threats, identifying vulnerabilities, and enhancing our overall security posture.
As part of this role, you will lead comprehensive security assessments of cloud-native, microservices-based architectures, focusing on web and mobile applications, cloud security testing, adversary emulation, and continuous security posture improvement. You will leverage your expertise in offensive security to validate the effectiveness of the organization's security controls and guide the development of robust defense strategies.
Key Responsibilities
- Leadership and Mentorship: Lead and mentor a team of penetration testers, providing guidance and support to ensure high-quality security assessments.
- Red Team Operations: Conduct advanced red team exercises to simulate real-world attacks and assess the effectiveness of security measures.
- Security Testing: Perform thorough security testing of developer operations and mobile applications (iPhone and Android), identifying security issues and vulnerabilities.
- Source Code Reviews: Conduct in-depth source code reviews to identify security flaws or weaknesses.
- Threat Modeling and Adversary Emulation: Utilize threat modeling and threat actor attack pathing to continually validate security controls.
- Reporting and Documentation: Execute detailed assessments and compile findings into comprehensive reports, including risk assessments and remediation strategies.
- Collaboration: Work closely with global development teams to provide actionable recommendations for improving security posture.
- DevOps Integration: Integrate security practices into the DevOps pipeline to ensure continuous security throughout the development lifecycle.
- Continuous Improvement: Stay updated with the latest security trends, vulnerabilities, and attack vectors, and assist in the development and implementation of security policies and procedures.
Required Skills and Experience
- Bachelor’s degree in Computer Science, Software Engineering, or a related field, or equivalent job experience.
- Professional certifications such as OSCP (Offensive Security Certified Professional), OSCE (Offensive Security Certified Expert), CEH (Certified Ethical Hacker), or similar.
- 5+ years of experience in offensive security, red teaming, and penetration testing.
- Proficiency in multiple programming languages and understanding of secure coding practices.
- Strong analytical skills and attention to detail for identifying vulnerabilities.
- Experience with tools like Burp Suite Pro, Checkmarx, Corellium, Synopsys, Acunetix, VeraCode, SAST & DAST Tools, Plextrac, Cloud security (AWS / Azure / Oracle), Postman, SmartBear ReadyAPI, SoapUI, and Hashicorp Vault.