Cyber Security Red Team Engineer

Job Description

Cyber Security Red Team Engineer Job Description As a Cyber Security Red Team Engineer you will:
• Plan and execute offensive security engagements through penetration testing, red team operations, social engineering, physical security assessments, web application assessments
• Perform offensive cyber security engagements simulating adversaries during red team operations leveraging adversarial Techniques, Tactics and Procedures (TTPs)
• Manually assess the security posture of our Extension, Web and Mobile clients
• Evaluate and leverage automated tools that perform security assessments
• Evaluate the security posture of third-party integrations and partnerships
• Translate red team engagement findings into actionable items for both technical and executive audiences
• Create POCs for vulnerabilities found in Kimberly-Clark
• Create scripts, tools, or methodologies to enhance Kimberly-Clark s offensive security capabilities
• Create technically flexible remediation strategies for vulnerabilities
• Work with the security development team and application security to improve and automate application security assessments
• Research previously unknown vulnerabilities in Kimberly-Clarks infrastructure
• Lead threat modeling and tabletop exercises
• Evaluate and contribute to Kimberly-Clarks overall security strategy
SECONDARY RESPONSIBILITIES WILL INCLUDE:
• Assist with forensics, incident response and reverse engineering
• Deploy security assessment
• Lead secure code trainings
• Integrate security tools in the CI/CD and SDLC processes
• Develop and/or extend scripts to enhance Kimberly-Clarks security assessment tools and processes
• Assist with the Security Operations Center
MINIMUM REQUIREMENTS:
• 3 years of Red Team experience simulating adversaries
• 5 years hands on experience with penetration testing
• Experience with penetration testing networks, wireless networks, and web applications
• Experience with physical security assessments, and social engineering
• 5 years hands on experience with Metasploit AND Kali Linux
• Experience with Command and Control (C2) frameworks
• Possess a high level of proficiency in web, browser and mobile security
• Possess a high level of proficiency in the penetration testing process and methodology
• Possess a high level of proficiency in Active Directory and networking
• Strong understanding of the state of information security, including, but not limited to TTPs of real-world adversaries
• Strong understanding of the MITRE ATT&K framework
• Strong understanding of system and application vulnerability classes
• Well-rounded knowledge in security tools, software and processes
• Knowledge in identity access, access control, network/host intrusion detection, intrusion prevention and patch management tools
• Knowledge of Cloud, Containers and Container Orchestration tools
• Knowledge of programming or scripting languages, such as C#/.NET, C, Python, PowerShell, Bash
• Knowledge of regulatory security frameworks
• Ability to write clearly and concisely for both technical and executive audiences
• Bachelor s Degree (preferred)
• Industry certifications like OSCP, OSCE, GXPN, GPEN, GWAPT, AWS, are highly desired for this role
ORGANIZATIONAL RELATIONSHIPS/SCOPE: Role will report to the department leader in the ITS Infrastructure, Application (ITAS) or PMO organization and will have no formal direct reports.Key Interfaces:
• Cyber Security Red Team
• Director of Cyber Security
• Chief Information Security Officer
• IT Strategic Leadership Team (L4s)
• Global IT leadership
• Regional and Functional Subject Matter Experts
External Interfaces:
• Consultants
• 3rd Party software providers
• Cloud solution providers
Global VISA and Relocation Specifications:K-C requires that an employee have authorization to work in the country in which the role is based. In the event an applicant does not have current work authorization, K-C will determine, in its sole discretion, whether to sponsor an individual for work authorization. However, based on immigration requirements, not all roles are suitable for sponsorship. This role is available for local candidates already authorized to work in the role s country only. K-C will not provide relocation support for this role. Primary Location IT Centre Bengaluru GDTC Additional Locations Worker Type Employee Worker Sub-Type Regular Time Type Full time,

Keyskills :
calibrationcaptive power plantcatalystdcsedcred teamcyber securityaccess controlsecurity toolsweb applicationteam operationstesting processthreat modeling