Locations Waterford, Waterford, Ireland Toronto, Ontario Manila, National Capital Region (Manila)
time type Full time
posted on Posted 4 Days Ago
job requisition id JR00105507
You are as unique as your background, experience and point of view. Here, you’ll be encouraged, empowered and challenged to be your best self. You'll work with dynamic colleagues - experts in their fields - who are eager to share their knowledge with you. Your leaders will inspire and help you reach your potential and soar to new heights. Every day, you'll have new and exciting opportunities to make life brighter for our Clients - who are at the heart of everything we do. Discover how you can make a difference in the lives of individuals, families and communities around the world.
Job Description:
Position Summary:
The primary objectives for the Information Security team are to protect confidential and sensitive information and to maintain operational stability resulting from cyber-attacks. Offensive Security (Red Team) members contribute to these objectives by performing assessments that proactively identify security exposures within the Sun Life environment that go beyond the realm of traditional penetration testing. A successful senior red team operator, specializing in offensive security, must possess a diverse set of competencies to effectively simulate cyberattacks and identify vulnerabilities within an organization's systems. Firstly, a deep understanding of various attack vectors and techniques is essential, including knowledge of malware, social engineering, and exploit development. Additionally, proficiency in network and application penetration testing is crucial for identifying weaknesses in infrastructure and software. Strong analytical skills are necessary to assess risks and prioritize targets accurately. Effective communication skills are vital for conveying findings and recommendations to stakeholders. Finally, adaptability and creativity are indispensable traits for devising innovative attack strategies and staying ahead of evolving threats in the cybersecurity landscape.
What you will do
The essential functions and responsibilities of this position include but are not limited to the following:
* Plan, carry out, and report on Offensive Security (Red Team) assessments, attack simulations and adversary emulation exercises to identify vulnerabilities in critical information systems.
* Perform network penetration, web and mobile application testing, source code reviews, threat analysis, and social engineering assessments.
* Develop scripts, tools, and programs for Red Team operations.
* Manage, maintain, and improve an OPSEC-focused state-of-the-art command-and-control (C2) red team cloud environment (AWS, Azure, GCP ,Digital Ocean)
* Assist with and develop security control evasion and bypass capabilities.
* Work with other parts of the business to develop a method for testing detection capabilities through Purple Team Exercises and Red Team exercises (e.g., IA scenarios, AB scenarios etc.)
* Research latest threats and adhere to guidelines on Red Team Frameworks
* Assist in the production of weekly/ monthly reports on security vulnerability trending and direction.
Position Requirements and Qualifications:
* 5-7 years’ experience in an offensive security / penetration testing role.
* University degree in computer science, computer engineering or computer security.
* Strong, demonstrable experience in offensive security programming and automation languages: C, C++, ASM, C#, JavaScript, PowerShell, Rust, Nim etc.
* Minimum 2 years mentoring junior and mid-level operators on red team tradecraft
* Minimum 4 years of experience in delivering technical red team reports and briefings
* A general understanding of information security concepts and security trends and practices
* Problem solving with creative solutions.
* Maintain high technical knowledge of systems and solutions.
* Industry certifications (OSCP/SANS/CEH/CISSP, CPTS) are a strong asset.
* Understand operation systems (OS), network protocols, application configuration with excellent report-writing skills.
* Strong communication and presentation skills
Preferred knowledge or qualifications in the following:
* Experience in leading grey/black hat engagements from start to finish.
* Network, Application or Mobile Penetration testing experience.
* Experience in reverse engineering (including x86)
* Offensive Security tooling experience: Cobalt Strike, EDR Evasion, Social Engineering platforms, Malware techniques, Custom tooling, and pipeline development.
* Proficient in Active Directory exploitation (On-Prem and Cloud)
* Related projects in cybersecurity, programming, etc.
* OSINT (Open-source intelligence gathering)
* Social engineering techniques and tactics
* Défense in depth security concepts including MITRE framework.
* IaaS and SDN Cloud Environments (AWS, Azure, Digital Ocean)
* Interpreted languages (Ruby, Python, PHP, etc.)
* Compiled languages (Java, C, C++, Assembly, etc.)
* Windows/Linux/UNIX/OSX internals
Job Category:
IT - Technology Services
Posting End Date:
22/12/2024
Shine together
At Sun Life, you can be your most brilliant self. Our supportive, flexible, and inclusive work environment is one where you – and your career – can thrive. Whatever your aspirations, collaborative leaders and colleagues are ready to help you learn, grow, and succeed.
We’re a global company with a passion for people. Our purpose is to help Clients achieve lifetime financial security and live healthier lives. As a team of 30,000 across 26 countries, our impact is far-reaching, and locally relevant There’s power in numbers. As part of Sun Life’s growing team, you have an impact on people in your community and around the world.
Shape the future
With an optimistic eye on a brighter future, we drive to innovate. Be part of leading change, push boundaries and try new ways of working. Use data to drive bold actions. Be agile and pivot as we test and learn. At Sun Life, we’re driving transformation, sustainability and innovation for our Clients, employees, partners, and communities. Join us. Together, we can make the future brighter.
#J-18808-Ljbffr