[Hiring] Red Team Consultant @Bishop Fox

Role Description

We’re seeking remote, US or Mexico-based hacking professionals focused on red teaming to join our team – and help us build a more secure world.

You are a born red teamer; you see problems and solutions in everything. You instinctively know your way around source code. You’ve plundered apps and pillaged networks (legally, of course). You have a passion for hacking that goes beyond a career – it’s a way of life for you. At this point, you may have accumulated a few disclosures, written blog posts, and given some industry talks.

With Bishop Fox you’ll be running red teaming engagements, starting with:

• Research and profiling organizations
• Defining attack objectives
• Crafting attack tree graphs and other key planning efforts

You will then perform operations based on planning to achieve the attack objectives through a variety of potential attack paths, including:

• Network
• Web applications
• Physical
• Social engineering
• Others

You will help our customers understand their attack surface by:

• Communicating ability to respond to incidents
• Reporting on steps taken and issues discovered
• Providing thoughtful, tailored, and actionable recommendations

As a consultant, you’ll solve challenging technical problems and build creative solutions in a client-facing role. As a trusted advisor, you’ll provide your expert opinion to help our clients navigate difficult business decisions including how to prioritize critical findings. And as a senior penetration tester, you’ll lead small teams on one-of-a-kind engagements, mentor co-workers, and contribute significantly to the advancement of our consulting practice.

Qualifications

• 2-4 years of offensive security experience supporting a variety of adversary emulation engagements (red teaming and purple teaming) with clients from a variety of industries.
• Working knowledge of all common operating systems such as Windows, MacOS, Linux, ChromeOS.
• Expertise in Windows Active Directory exploitation and lateral movement.
• Working knowledge of “cloud” platforms (AWS/Azure/GCP and O365/Google Workspace) and container technologies (Kubernetes/Docker).
• Hands-on experience with c2 frameworks like Sliver, Nighthawk, Mythic, and others.
• Experience with custom tool and payload development, as well as reverse engineering, and evasion techniques.
• Experience researching and developing EDR evasion techniques.
• Proficiency in multiple programming languages (preferably Python, Golang, JavaScript/TypeScript, C#, C/C++, PowerShell, and/or Bash).
• Network and web-related protocol knowledge (e.g., TCP/IP, HTTP, HTTPS, etc.).
• Demonstrated experience with social engineering, conducting reconnaissance, development, and delivery of phishing/vishing pretexts as well as an understanding of email security technologies and other related countermeasures.
• Excellent written and verbal communication skills.

Requirements

• Nice to have expertise in exploit development and/or assembly (x86/arm).
• Threat modeling, threat intelligence, or incident response experience.
• Experience with DevOps and CI/CD technologies.
• Experience conducting physical penetration testing engagements, including entry skills, RFID hacking, and alarm bypasses.
• OSCP/E, GWAPT, GPEN, or GXPN certifications can be helpful, but are not a necessity.

Benefits

• Generous Time Off and Company-Wide Holidays.
• Team Events and International Travel Opportunities.
• Work From Home Support.
• Monthly Allowance for Cell Phone and Internet.
• Training Budget.
• Retirement; 401k Matching for Traditional and Roth Accounts in the US.
• Health Insurance Options Including Medical, Dental, Vision.
• Paid Parental Leave.