Sr. Cybersecurity Red Team & Forensics Engineer ‣ UnchainedInc

Sr. Cybersecurity Red Team & Forensics Engineer

  • Anywhere

Website Penumbra

The Red Team and Senior Forensics Engineer will be part of the Penumbra Cybersecurity team.
This role will be responsible for attack surface mapping, offensive cybersecurity simulations, and controls testing, providing real-life, actionable deliverables that help the company, IT, and business teams understand what attackers can and will do during an attack and how to mitigate risks.
You will instruct on how adversaries utilize established tactics, techniques, and procedures (TTPs) in authentic attack scenarios.
Emphasis for this position will be placed on conducting genuine adversary simulations rather than confined penetration testing, and on designing and executing threat actor simulation scenarios employing intricate adversarial TTPs.
Specific Duties and Responsibilities
• Conduct forensics investigations across IT environment to analyze, recover digital evidence, investigate Computer, Network, App/Data security incidents to derive useful information in support of criminal activities and vulnerability mitigations across Network, Systems, Apps and Data.
• Conduct adversary emulation of real-world attack scenarios and evasive routines to help stress test controls.
• Perform Network, IAM (i.e., privilege escalation, workflow compromise, etc.), Cloud Integrations, Web application/API penetration testing (i.e., RESTful and SOAP), and Cloud Security Audits.
• Assist Cybersecurity operations team to spot, respond, and stop attacks as well as strengthen and improve our defense posture.
• Collaborate with multidisciplinary teams, i.e., Cybersecurity engineering, operations & SIRT, Infrastructure Engineering, and other business IT teams to help shape the next generation cybersecurity defenses to safeguard against new breeds of threats.
• Focus on designing, researching, and controlled execution of real-world attacks on infrastructure, products, applications, and data factories/warehouses.
• Lead and conduct controlled penetration tests against core network, server infrastructure and applications in a hybrid environment.
• Produce high quality reporting deliverables to stakeholders and senior management.
• Research new vulnerabilities and assist in identifying their impact on Penumbra business operations.
• Identify and develop custom tools to assist in making assessments more efficient, and conduct realistic adversary simulations from conception through reporting.
• Utilize Threat Modeling methodologies to identify threats and shape Red Team operations.
• Incorporate current security trends, advisories, publications, and academic research.
• Conduct detailed reporting on the Red Team engagements providing an in-depth analysis of the security issues identified.
• Core focus on identification of attack paths, complex security vulnerabilities and building exploits.
• Investigate cybersecurity incidents and criminal activities across the enterprise.
• Securing tamper-proof access to devices, systems, and networks that hold digital evidence related to any investigations.
• Finding and following data trails to link suspects to other dangerous parties.
• Recovering hidden, encrypted, or deleted information.
• Assess and prioritize exploitable vulnerabilities across the attack surface.
• Utilize exploit chaining to comprehensively explore all stages of the kill chain.
• Offering security insight to law enforcement personnel and prosecutors regarding their digital evidence.
• Interviewing cybercrime suspects or victims and engaging with 3rd party investigators and/or law enforcement.
• Collaborate with other business functional teams helping to prepare IT evidence for criminal trials.
• Develop detailed reports of forensics investigation, secure findings and present to stakeholders where required.
• Stay current with the latest trends among adversaries, exploits, and threats.
• Mentor other Cybersecurity team members.
• Gather and examine forensics data relevant to the criminal activity or issue at hand.
• Conduct in-depth analysis of digital evidence and attack path vectors used by perpetrators.
• Adhere to the Company’s Quality Management System (QMS) as well as domestic and global quality system regulations, standards, and procedures.
• Understand relevant security, privacy and compliance principles and adhere to the regulations, standards, and procedures that are applicable to the Company.
• Ensure other members of the department follow the QMS, regulations, standards, and procedures.
• Perform other work-related duties as assigned.
Position Qualifications
• Bachelor’s degree in computer science or related field with 8+ years of experience, or equivalent combination of education and experience
• Industry security certifications such as OSCP, OSEP, CEH, CHFI, or similar are preferred
• Strong knowledge in Scripting (3+ years’ experience of scripting PHP, Python, Perl, Ruby etc.), Infra as Code, CI/CD shift-left security, and data security
• Hands-on experience as an Offensive Cybersecurity Engineer, Red Teaming or Bug bounty programs, Pen-testing, Malware Analysis, Cybersecurity Investigator, Forensics data gathering and analysis.
• In-depth understanding of MITRE ATT&CK as well as Cyber Kill Framework.
• Must have excellent reconnaissance skills.
• Demonstrable proficiency in using remote code exploits, code injection, security misconfigurations to gain access to IT.
• Strong knowledge of Red Teaming tools, techniques, and tactics, designing red team exercises and objectives.
• Experience with performing detailed assessments and reporting in areas like Web/APIs, Application security across IaaS, SaaS, PaaS, Network security (On-prem & Cloud)
• Strong knowledge depth in directory services and IAM framework
• Proven problem solver with great collaboration and communication skills
In-depth knowledge of:
• Operating systems (UNIX/Linux, Windows, iOS, or Android) such as Security models, File systems, Databases, Process management and isolation, Inter-process communication, Networking, Network protocols, Routing, Cryptography etc.
• Strong hands-on knowledge in reverse engineering and/or exploitation techniques
• Experience in vulnerability analysis of source code and exploitation mitigation techniques.
• Experience in red teaming, pen-testing, tinkering or hackathons etc. is a must.
• Strong oral, written, and interpersonal communication skills
• High degree of accuracy and attention to detail
• Proficiency with MS Word, Excel, and PowerPoint
• Excellent organizational skills with ability to prioritize assignments while handling various projects simultaneously
Working Conditions
• General office environment
• Willingness and ability to work on site.
• Requires some lifting and moving of up to 10 pounds
• Must be able to move between buildings and floors.
• Must be able to remain stationary and use a computer or other standard office equipment, such as a printer or copy machine, for an extensive period of time each day.
• Must be able to read, prepare emails, and produce documents and spreadsheets.
• Must be able to move within the office and access file cabinets or supplies, as needed.
• Must be able to communicate and exchange accurate information with employees at all levels on a daily basis
Starting Base Salary is $150,000 to $210,000
Individual compensation will vary over time based on factors such as performance, skill level, competencies, work location and shift.
