Red Team Operator - Network Vulnerability Tester
Job Description : Job Description
The Red Team Operator is responsible for conducting vulnerability assessments, threat modeling, penetration tests, and red team campaigns of SunTrust infrastructure and applications. This role will work closely with the SunTrust Red Team Manager to develop attack simulations, identify, evaluate, and remediate potential weaknesses in SunTrust systems and processes using both manual and automated methods. The successful candidate will perform the following:
• Plan and execute adversary simulation engagements (internal and external penetration tests and/or red team operations against corporate web applications, APIs, networks, Windows and *nix variants)
• Build scripts, tools or methodologies to enhance, streamline, and automate attack simulation offensive capabilities
• Communicate findings, attack paths, and recommendations to technical, non-technical, and SunTrust Executive stakeholders through written reports and verbal presentations.
• Employs comprehensive wireless penetration testing techniques
• Perform systems reconnaissance & identify assets that may be a target for exploitation.
• Participate in technical testing from operational planning, campaign start, remediation, and briefing staff.
• Gain access via networks, operating systems or one (or more) applications, and identify tools and methodology to establish command and control (C2).
• Conducts physical penetration tests (reconnaissance and planning).
• Executes advanced social engineering techniques.
• Executes privilege escalation and lateral movement techniques. Qualifications
- Bachelor's degree or equivalent and 2 years of related experience or an equivalent combination of education and experience.
- Solid understanding of principles, practices, theories, and/or methodologies associated with the computer and network security, incident response, digital forensics, intelligence and/or counterintelligence discipline.
- Ability to manage competing priorities.
- Ability to solve problems in straightforward situations by analyzing possible solutions using experience, judgment and precedents.
- Awareness of industry competitive landscape and the factors that differentiate our Company from other banks in the market.
- Ability to communicate complex information in straightforward situations.
- Familiarity with exploitation simulation suites (e.g. Empire or Cobalt Strike)
- Scripting/programming skills (e.g., Python, Ruby, Java, JS, etc.)
- Familiarity with vulnerability management and penetration testing tools (e.g., NMAP, Nessus, Burp, ZAP, Nexpose, etc.)
- Operating system internal functions, reading/writing assembly language (e.g. x86, x64, ARM, PPC, etc.)
- Cryptography (MDx, SHA, DES, AES, etc.) and developing/breaking embedded systems
Equal Opportunity Employer: SunTrust supports a diverse workforce and is a Drug Testing and Equal Opportunity Employer. SunTrust does not discriminate against individuals on the basis of race, creed, color, gender, religion, national origin, age, disability, veteran status, pregnancy, marital status, citizenship status, sexual orientation, gender identity, genetic information, or any other classification protected by applicable laws.
To review the EEO Poster, copy and paste the following link into your browser: http://www1.eeoc.gov/employers/upload/eeoc_self_print_poster.pdf http://www.dol.gov/ofccp/regs/compliance/posters/pdf/OFCCP_EEO_Supplement_Final_JRF_QA_508c.pdf