Cyderes
Senior Security Consultant - Offensive Security
Cyderes, Kansas City, Missouri, United States, 64101
Cyderes (Cyber Defense and Response) is a pure-play, full life-cycle cybersecurity services provider with award-winning managed security services, identity and access management, and professional services designed to manage the cybersecurity risks of enterprise clients. We specialize in multi-technology, complex environments with the in speed and agility needed to tackle the most advanced cyber threats. We leverage our global scale and decades of experience to accelerate our clients’ cyber outcomes through a full lifecycle of cybersecurity services. We are a global company with operating centers in the United States, Canada, the United Kingdom, and India.About the JobCyderes is looking for a Security Consultant to join Cyderes’ Offensive Security team to assist clients across a range of topics to support requests for information from organizations of many sizes and in several industries. This consultant will focus on Pen Testing, Red Team and Purple team simulation and supervising intelligence to support a general range of topics, but may also need to support other cadences of reports, such as weekly, monthly, and quarterly reports. Writing these reports requires the ability to work with or automate datasets from Cyderes platforms.The Security Consultant should have a technical proficiency in but not limited to network operations, application security, vulnerability management, and operating system functionality. They will assist in identifying gaps and improving the overall security posture for Cyderes’ clients.Responsibilities:
Performing threat analysis and recommends appropriate course of action, mitigation, and remediation in response to security events and trendsCorrelates and analyzes threat data from various sources to establish the identity of malicious users active in the computing environment.Produce and review intelligence summaries accessible to all clients.Engage with clients across report lifecycle: Initial scoping, finished intelligence delivery, and follow-up review / supportDevelop novel, automated, or simpler processes for regular research and analysisTrack cyber threat trends across industries and technologies, and generate better ways to do soWork on projects across multiple research teams with sometimes tight deadlinesPerform internal and external penetration testing of network infrastructure, applications, and databasePerform web/mobile application, wireless network, and vulnerability assessmentsProvide support in design and development of purple team and red team exercises performing adversary simulations to test client controls.Create comprehensive reports and effectively communicate findings to key stakeholders (technical and/or executive).Identify and safely apply attacker tactics, techniques, and procedures (TTPs).Develop scripts, tools, or methodologies to enhance Cyderes’ red teaming processes.Requirements:
Certifications such as OSCP, GSEC, GIAC, CPT are preferred2-3 years of experience in three of the following areas:Executing network, wireless, web application, and API penetration testsExperience with Active directory (AD) and KerberosExperience conducting vulnerability management and assessmentsExperience conducting social engineering assessmentsExperience conducting Purple Team and Red Team exercisesExperience with
Tenable.IO , Recorded Future, PlexTrac and Cymulate preferredExperience with programming using one or more of the following: Perl, Python, ruby, bash, C or C++, C#, or Java, including scripting, automation, and editing existing codeDeveloping, extending, or modifying exploits, shellcode or exploit toolsReverse engineering malware, data obfuscators, or ciphersSource code review for control flow and security flawsGeneral knowledge of the MITRE ATT&CK FrameworkThorough understanding of network protocols, data on the wire, and covert channelsMastery of Unix/Linux/Mac/Windows operating systems, including bash and PowerShellCyderes
i s an Equal Opportunity Employer (EOE). Qualified applicants are considered for employment without regard to race, religion, color, sex, age, disability, sexual orientation, genetic information, national origin, or veteran status.Note: This job posting is intended for direct applicants only. We request that outside recruiters do not contact us regarding this position.
#J-18808-Ljbffr
Performing threat analysis and recommends appropriate course of action, mitigation, and remediation in response to security events and trendsCorrelates and analyzes threat data from various sources to establish the identity of malicious users active in the computing environment.Produce and review intelligence summaries accessible to all clients.Engage with clients across report lifecycle: Initial scoping, finished intelligence delivery, and follow-up review / supportDevelop novel, automated, or simpler processes for regular research and analysisTrack cyber threat trends across industries and technologies, and generate better ways to do soWork on projects across multiple research teams with sometimes tight deadlinesPerform internal and external penetration testing of network infrastructure, applications, and databasePerform web/mobile application, wireless network, and vulnerability assessmentsProvide support in design and development of purple team and red team exercises performing adversary simulations to test client controls.Create comprehensive reports and effectively communicate findings to key stakeholders (technical and/or executive).Identify and safely apply attacker tactics, techniques, and procedures (TTPs).Develop scripts, tools, or methodologies to enhance Cyderes’ red teaming processes.Requirements:
Certifications such as OSCP, GSEC, GIAC, CPT are preferred2-3 years of experience in three of the following areas:Executing network, wireless, web application, and API penetration testsExperience with Active directory (AD) and KerberosExperience conducting vulnerability management and assessmentsExperience conducting social engineering assessmentsExperience conducting Purple Team and Red Team exercisesExperience with
Tenable.IO , Recorded Future, PlexTrac and Cymulate preferredExperience with programming using one or more of the following: Perl, Python, ruby, bash, C or C++, C#, or Java, including scripting, automation, and editing existing codeDeveloping, extending, or modifying exploits, shellcode or exploit toolsReverse engineering malware, data obfuscators, or ciphersSource code review for control flow and security flawsGeneral knowledge of the MITRE ATT&CK FrameworkThorough understanding of network protocols, data on the wire, and covert channelsMastery of Unix/Linux/Mac/Windows operating systems, including bash and PowerShellCyderes
i s an Equal Opportunity Employer (EOE). Qualified applicants are considered for employment without regard to race, religion, color, sex, age, disability, sexual orientation, genetic information, national origin, or veteran status.Note: This job posting is intended for direct applicants only. We request that outside recruiters do not contact us regarding this position.
#J-18808-Ljbffr