Cybersecurity Red Team Lead

dandh
Harrisburg, PA Full Time
POSTED ON 6/8/2024

SUMMARY

As the Red Team Lead, you will lead a team with the responsibility of validating the security posture of D&H's Infrastructure, Application and Security controls. The team will enhance existing service offerings & security testing capabilities and conduct hands-on technical testing focused on identification of complex vulnerabilities in all infrastructure and products. The lead must participate in coordinating response and defensive actions over a variety of security disciplines, and disseminate technical information as appropriate in support of D&H's critical business and operational infrastructure needs.

 

To succeed in this role, the candidate will possess breadth and depth of knowledge in the security of operating systems, networking protocols, firewalls, databases and middleware applications, forensics, scripting and programming, and cloud security. You are expected to continuously learn and research to improve your and the team's tradecraft and keep up to date with the continuously evolving threat landscape.

 

ESSENTIAL DUTIES AND RESPONSIBILITIES:

  • Lead a team of highly skilled operators
  • Interface directly with executive leadership and technical staff to lead Red Team engagements
  • Plan, coordinate, authorize, and execute threat-intel-informed, scenario-based red team operations of both short and long duration
  • Develop detailed testing plans and use-cases to ensure coverage of scope and reduction of attack surface
  • Collaborate with various stakeholders and teams e.g., Threat Intel, Blue Team, Vulnerability Management, Security Engineering etc.
  • Conduct full exploitation within multiple environments, including complex Active Directory and mixed Windows, *nix and MacOS environments
  • Synthesize and report findings, develop remediation recommendations, and track implementation through to completion
  • Provide risk-appropriate and pragmatic recommendations to correct identified flaws, vulnerabilities and misconfigurations
  • Develop comprehensive, accurate reports targeting both technical and executive audiences
  • Communicate findings and strategy effectively to client stakeholders, including technical staff, executive leadership, and legal counsel
  • Define and maintain a set of Standard Operating Procedures (SOP), Rules of Engagement (ROE), Methodologies and checklists for Red and Purple Team operations
  • Build, develop, and maintain a technical team to provide Offensive Security Testing services to the organization
  • Procure, develop, maintain and refine an inventory of security tools needed for various operations
  • Identify, collect, and report metrics related to program progress, operations, and findings
  • Research and identify undiscovered, newly discovered and previously identified threats, vulnerabilities and misconfigurations
  • Assess, document, socialize and implement mitigation strategies for newly discovered threats or vulnerabilities that may result in risk to the company
  • Maintain detailed knowledge of cybersecurity frameworks such as NIST, CIS, and other security technology by attending workshops and reviewing publications
  • Lead other team members while working with business units to remediate identified issues
  • Independently maintain complex project tasks, interface with various teams, and ensure other team members remain on schedule
  • Provide training and mentorship to other members of the team
  • Aid in the design of security policies for the organization
  • Assist in process improvements to enhance the efficiency of current operational procedures
  • Effectively deal with rapid change in a positive manner and lead staff through changing priorities
  • Coordinate relations with and serve as a liaison between business and IT staff
  • Develop short-term and long-term department goals which support long-term strategic goals
  • Participate in all company/location driven communication efforts, including huddles, department meetings, and other related efforts
  • Maintain a positive and professional working relationship with peers, management, support resources, and the community with a constant commitment to teamwork and exemplary customer service to present a professional image of D&H Distributing
  • Perform all other duties as assigned by management in a professional and efficient manner

 

ADDITIONAL DUTIES:

  • Ability to communicate topics and concepts to the team and a diverse audience
  • Ability to handle multiple overlapping projects and competing deadlines
  • Strong time management, attention to detail and communications skills

 

QUALIFICATIONS 

  • Exceptional verbal and written communications skills
  • Demonstrated personal management skills
  • Effectively communicate complex technological issues in business terms at any level within the organization
  • Respond to customer inquiries, effectively communicate critical problems, and discuss resolutions with management
  • Highly self-motivated
  • Ability to prioritize and execute tasks in a high-pressure environment and make sound decisions in emergency situations with guidance and supervision

 

EDUCATION and/or EXPERIENCE

  • Bachelor’s degree in Cybersecurity or similar area of study required or equivalent years of related work experience
  • Bachelor’s degree in Cybersecurity or similar area of study preferred
  • 7 years of experience in cybersecurity including:
    • Conducting Offensive Security Testing (i.e. Red Teaming, Purple Teaming, Threat Intelligence Led Penetration Testing, and Product Testing)
    • Performing, overseeing, improving and providing feedback on the services offered, i.e. Red Team, Purple Team etc.
    • Designing a program and creating Standard Operating Procedures, Rules of Engagement, Testing Methodologies
    • Conducting advanced penetration testing exercises (Network, Web Application, Mobile and Cloud)
    • Working in various environments like Windows, Linux and MacOS, and an understanding of various attack paths and attack vectors in these environments
    • Identifying and exploiting vulnerabilities and mis-configurations
    • Reporting findings and developing pragmatic recommendations with the product ecosystem in mind
    • Developing, extending, or modifying exploits, shellcode, or exploit tools
    • EDR evasion, email sandbox evasion, network egress control evasion
    • Cloud based red team infrastructure creation and development
    • Emulating advanced adversarial TTPs
    • Ability to identify attack paths for lateral movement and privilege escalation
    • Reducing attack surface of the organization
    • Experience with offensive tools and platforms such as Kali Linux, Cobalt Strike, Metasploit, Covenant, Sliver, BloodHound, GhostPack, Nmap, Nessus, ZMap, Masscan, EyeWitness, Burp Suite
  • Experience with system maintenance, monitoring, and alert resolution preferred
  • Industry certifications (OSCP, CRTO, OSEP, OSED, OSMR, OSEE, OSWE, OSWP, GPEN, GCIH, GWAPT, GDAT or GXPN or similar) preferred
  • Scripting experience in PowerShell, Python or Perl preferred

WORK SCHEDULE

  • Full-time position (40 hours a week)
  • Overtime, Weekends, Holidays, as required

 

LANGUAGE SKILLS

  • Excellent oral and written communication skills
  • Ability to read and comprehend instructions, correspondence, and memos
  • Ability to write correspondence and/or complete employment forms

 

MATHEMATICAL SKILLS

  • Ability to add, subtract, multiply, and divide in all units of measure, using whole numbers

 

REASONING ABILITY

  • Ability to apply common sense understanding to carry out instructions furnished in written, oral, or diagram formats

 

CERTIFICATES, LICENSES, REGISTRATIONS

Post hire certifications may be required to gain knowledge needed to stay current in field.

 

PHYSICAL DEMANDS 

While performing the duties of this job, the employee is regularly required to sit, stand, walk, use hands and fingers, reach with arms, talk and hear.  The employee will frequently be required to stoop, kneel and crouch.  The employee may occasionally lift and/or move up to 20 pounds.  Specific vision abilities required by this position include close vision, distance vision, and ability to adjust focus.

 

WORK ENVIRONMENT 

This is a Full-time remote position.
