Offensive Security Engineer –Red team

Company: Full Time Qatar Airways
  • Location: Doha, Qatar View on Map
  • Date Posted: December 15, 2022
  • Salary: Negotiable
  • Share:

About the job

About Role

You would be part of the Cyber Security team to design and execute Red Team Campaigns and exercises. You will work on complex assignments including traditional Red Team Campaigns, Vulnerability Assessments, Penetration tests, Purple Team Engagements, Code and Tradecraft Development for IT infrastructure, IT applications and OT/IoT environments.

Role & Responsibilities

  • Digesting and translating Cyber Threat Intelligence into bespoke attack scenarios for the purposes of measuring detection and response capabilities for IT infrastructure, applications, OT and IOT environments.
  • Conducting targeted penetration testing of exercise and test events with the application of targeted sophisticated attacks as a simulated adversary
  • Participating in event planning stages to develop cyber assessment plans and conducting no-notice penetration tests
  • Creating Red Team support materials (e.g. Probabilistic Attack Graphs, Cyber Exercise Playbooks etc.)
  • Assisting with the on-boarding of new members of the Red Team through work shadowing and knowledge transfer sessions
  • Supporting the identification of controls to remediating and/or mitigating identified security weaknesses of systems, applications, processes and procedures.
  • Ensuring that testing is conducted in accordance with regulatory frameworks and compliance requirements
  • Supporting the application of consistent use of Group and industry standard Test methodologies, standards and tools (including metrics).

Experience and Skills required for this role

  • Bachelor’s Degree with minimum 6 years of job related experience
  • Professional hands-on experience in Red Team activities specially Network Exploitation, Cloud Exploitation, Reverse Engineering, Red Team Operator and/or Exploit Development, (Incl., tools such as Cobalt Strike, Mythic, Covenant, other penetration testing frameworks, etc.)
  • Hands-on expertise on exploitation tools , latest exploit-db’s , Wifi attack methods
  • Experience in prepare detailed reports and brief to various stake holders
  • Strong experience with scripting and customized compiling in at least one language, (e.g., Python Ruby, Go, C/C++/C#, JavaScript)
  • Experience with the OWASP Top 10, CIS Critical Security Controls, NIST Cybersecurity Framework and MITRE ATT&CK
  • Experience in scripting and developing tools in Python, PowerShell, bash etc.
  • Proficiency in tools such as Nmap, Nessus, BurpSuite, Cobalt Strike, Metasploit, and Aircrack-ng
  • Experience in building\automating Red\Blue Team Infrastructure.
  • Expertise in performing advanced exploitation and post-exploitation attacks , writing proof-of-concept exploits and creating custom payloads and modules for common ethical hacking
  • Understanding of national and international laws, regulations, policies, and ethics related to penetration testing and Red Teaming

Certifications (preferred)

CRTP, CRTE, CRTO, CARTP, RTO, OSCP, OSCE3 (OSED/OSEP/OSWE), GPEN, GXPN and GCPN.

Related Jobs