Red Team Lead in New York, NY at Vaco

Date Posted: 6/7/2019

Job Snapshot

Job Description

Vaco is a private-equity backed solutions company that provides consulting, managed services, staffing, and placement services globally. Established in 2002 by "Big 4" consulting veterans, Vaco now has over 40 offices and has worked with over 9,000 clients. We have over 6,000 consultants and been named to Inc. magazine's list of fastest-growing private companies for the past 12 years. Vaco offers boutique services with global reach.

The Vaco Cyber Security team's success relies on the trusted relationships built with our clients. We recognize the challenge organizations encounter improving security, restructuring operations and handling risk while maintaining compliance and keeping costs down. Our information security specialists work closely with organizations to provide the solutions that best match business and security objectives. As a member of the team, you will have the opportunity to utilize and expand your skills through client experience and industry training while collaborating with security professionals across industries. Our team provides the full spectrum of security services to clients including, Strategy & Advisory, Identity & Access Management, Cyber Security Operations, Managed Services, Governance, Risk, and Compliance.

Job Description:

The Cybersecurity Red Team is dedicated to performing 'objective-based' assessments replicating known threat actors, with known (TTP's) tactics, techniques and procedures. The Cybersecurity Red Team Lead will coordinate and oversee execution of ethical hacking and penetration tests of the Client's information environment including both physical and logical security controls and systems. The goal will be to assess and analyze security posture as well as its ability to respond to hacker-simulated attacks. This position requires an established expert responsible for scoping engagements, presenting results and methodologies, and working with stakeholders across Cybersecurity, ITS, and business units to remediate findings. This position requires a professional who works well with others, and performs in challenging situations, is pragmatic, and is motivated by long-term results. Finally, the Cybersecurity Red Team Lead will be responsible for communicating testing methodologies and findings to executive leadership in Cybersecurity, IT, and other business units.

Required

  • Demonstrated level of integrity when dealing with confidential and sensitive information
  • Demonstrated knowledge of tactics used by malicious insiders, techniques and procedures associated with state sponsored threat actors
  • Must be able to examine an organization from the standpoint of a threat actor and articulate risk in clear, precise terms
  • Ability to effectively code in a scripting language (Python, Perl, etc)
  • Demonstrated knowledge of internal penetration testing tactics, techniques, and procedures
  • Experience performing application security source code reviews
  • Experience developing custom exploits
  • Hands-on experience in the security aspects of multiple platforms, operating systems, software, and network protocols
  • Hands-on experience with commercial and open-source network and application security testing tools

Tools:

  • Burp Suite
  • Cain & Able
  • SQLMap
  • John the Ripper
  • Wireshark
  • Nmap
  • Metasploit
  • BurpSuite
  • Kali Linux

Certifications a Plus:

  • Offensive Security Certified Professional (OSCP)
  • Certified Ethical Hacker (CEH)
  • CompTIA PenTest+