Principal Red Team Operator

Responsibilities:

• Document processes, procedures, and workflows for Red Team operations.
• Perform a full range of Red Team activities, including network penetration, web and mobile application testing, source code reviews, threat analysis, wireless network assessments, social engineering testing, and detection evasion techniques.
• Develop comprehensive and accurate reports and presentations for both technical and executive audiences.
• Collaborate with senior leadership to enhance the Red Team strategy and improve the company's security posture.
• Effectively communicate findings and strategies to client stakeholders, including technical staff, executive leadership, and legal counsel.
• Provide practical and risk-appropriate recommendations to address vulnerabilities.
• Configure and safely use attacker tools, tactics, and procedures in Figment environments.
• Enhance Figment's red teaming processes by developing and improving scripts, tools, and methodologies.
• Offer recommendations and guidance to enhance the defensive capabilities of the team and its ability to defend the Figment Enterprise.
• Provide mentoring and training to Blue Team members and actively participate in cross-team security exercises.
• Provide technical expertise and support during incident response and assist in creating post-incident action plans.

Qualifications:

• Bachelor's degree or four or more years of work experience
• Experience in network penetration testing and manipulation of network infrastructure.
• Experience in API and web application assessments.
• Experience in email, phone, or physical social-engineering assessments.
• Experience in shell scripting or automation of simple tasks using Bash, Perl, Python, or Ruby.
• Experience developing, extending, or modifying exploits, shellcode or exploit tools.
• Experience with container orchestration management tools.
• Experience with source code review for control flow and security flaws.
• Experience with Red, Blue, or Purple teaming exercises.
• Strong knowledge of tools used for wireless, web application, container and network security testing, such as Kali Linux, Metasploit, Burp Suite, Core Impact, Cobalt Strike, Nessus, Web Inspect, and Scuba.
• Strong technical writing.