Red Team Operator

Introduction

The Red Team Operator will be part of the X-Force Red Offensive Security team. You will plan and execute remote operations dynamically emulating advanced threat actors to improve the detection and response capabilities of clients through long-term engagements. It is critical that the consultant be able to rapidly learn new technologies and processes with minimal assistance. There is a potential for up to 25% travel, including international travel.

Your Role And Responsibilities

Are you passionate about breaking into well defended networks, while evading mature detection strategies? Are you interested in joining a team of like-minded experts, many of whom have decades of experience breaking into anything and everything to help organizations strengthen their security? If so, X-Force Red, IBM Security’s team of veteran hackers, is looking for a Red Team Operator, and you may be the perfect fit.

Core Responsibilities

• Manage full adversary simulation engagements from conception to report delivery
• Communicate effectively with team members and clients during the engagement
• Keeping current with the latest offensive security techniques
• Perform adversary simulation of real-world adversary Tactics, Techniques, and Procedures (TTPs) by leveraging frameworks such as MITRE ATT&CK™ and other sources of information
• Develop payloads, scripts and tools that weaponize new concepts for exploitation, evasion, and lateral movement
• Engage in an active evasion of defenders to avoid detection and progress engagements
• Coordinate with other Red Team operators to achieve the specified goals
• Deliver reporting and debriefs to defenders in manner that improves detection and response capabilities
• Perform/present technical security research

Required Technical And Professional Expertise

• 3+ years of red teaming experience in a dedicated red team role
• 5+ years of system administration, network administration, or programming experience
• Ability to develop/modify exploits and payloads to avoid defensive countermeasures
• Understanding of real-world adversary operations methodologies, tactics, techniques, and procedures. In particular, the ability to apply frameworks (eg. MITRE ATT&CK™) in client engagements.
• Demonstrated history of published exploitation research
• Strong analytical and problem-solving skills
• Good interpersonal, organizational, communications, and time management skills
• Experience coordinating security testing projects with multiple consultants
• Effective English writing skills

Preferred Technical And Professional Experience

• History of presenting at security conferences
• Track record in vulnerability research and CVE assignments
• Knowledge of Windows APIs
• Knowledge of EDR detection capabilities such as Carbon Black/Crowdstrike, etc. and associated evasion techniques for behavioral based alerting
• Demonstrated exploit, payload, or attack framework development experience
• Expert level skills in one of the following: Active Directory, Software Development, or Cloud Infrastructure
• Relevant certifications from organizations like Offensive Security (OSCP/OSCE), SANS (GPEN, GXPN, GWAPT), or CREST CSAT/CSAM or demonstrable equivalent skills
• Prior security consulting experience

Key skills/competency

• Red Teaming
• Adversary Simulation
• Offensive Security
• Exploit Development
• Evasion Techniques
• MITRE ATT&CK
• Vulnerability Research
• Security Consulting
• Active Directory
• EDR Evasion