Logo
Informatic Technologies, Inc.

Sr Security Engineer

Informatic Technologies, Inc., , NY, United States


Principal Responsibilities

  • Lead red team exercises against a hybrid environment using threat intelligence and the MITRE Telecommunication &CK Framework.
  • Participate in purple team exercises that are intelligence driven to test cyber detections
  • Build and maintain Red and Purple team infrastructure, automating functions where possible.
  • Continually research new offensive security tactics, techniques, and procedures and communicate knowledge of the same to other team members.
  • Conduct ad-hoc offensive security testing using industry standard tools and/or internally developed tools.
  • Lead report creation activities including compromise narratives and detailed technical findings with appropriate risk severity ratings, tactical and strategic recommendations to reduce risk levels, peer review of team's deliverables.
  • Assist cyber defense teams during incident investigations providing subject matter expertise on attacker tradecraft and mindset.
  • Interface with other information security departments, as well as other technology departments and business stakeholders to raise awareness of security issues and to provide knowledge sharing on remediation.
  • Active contributor to Red and Purple Team activities for internal presentations and conferences
  • Position RequirementsApprox 8 years' experience with industry standard Red Team testing tools (Cobalt Strike, Mythic C2, Rubeus, Bloodhound, Covenant, etc.); or the ability to demonstrate equivalent knowledge.
  • Expert understanding of how an Advanced Persistent Threat could compromise a financial institution without using phishing.
  • Expert understanding of Red Team concepts, tools, and automation strategies.
  • Expert understanding of MITRE Telecommunication&CK framework tactics, techniques, and procedures.
  • Expert understanding of measuring and rating vulnerabilities based on principal characteristics of a vulnerability.
  • Expert understanding of Windows and Linux system hardening concepts and techniques.
  • Expert understanding of modifying payloads to bypass detections like EDR.
  • Expert understanding of how to compromise a company without using phishing.
  • Strong understanding with at least one scripting language (Python, Ruby, PowerShell, Bash, etc.).
  • Experience with at least one cloud environment (AWS, GCP, Azure).
  • Experience attacking cloud, on-prem and/or hybrid environments from initial access all the way through actions on objective.



  • Nice to havePrevious experience of Red Team project delivery to include creation and execution of statement of work, risk mitigation strategies, and working with stakeholders to remediate findings.
  • Experience of using multi operating system command and control tools.
  • Experience developing custom attack tradecraft or modifying existing tools.
  • Experience using automated configuration management such as Chef.
  • Experience discovering and exploiting vulnerabilities in AI systems.
  • Experience of conducting Offensive Security and/or Red Team exercises against macOS, iOS, or ChromeOS.
  • Recognized industry certifications such as, but not limited to, GPEN, GXPN, GREM, eCPTX, eCPPT, OSCP, OSWE, CISSP, CPSA, CRT, etc.
  • Knowledgeable in Industry Security standards (i.e.: TIBER-EU, CBEST, NIST Cyber Security Framework, ISO27002, etc.).
  • Knowledgeable in Agile project management.