Note: The job is a remote job and is open to candidates in USA. Bishop Fox is a leader in continuous offensive security and penetration testing, dedicated to safeguarding digital landscapes for top global organizations. They are seeking a Senior Red Team Consultant to lead red teaming engagements, tackle complex security challenges, and provide expert guidance to clients on their security posture.
Responsibilities
- Running red teaming engagements
- Researching and profiling organizations
- Defining attack objectives
- Crafting attack tree graphs
- Performing operations based on planning
- Communicating with customers about their attack surface
- Reporting on steps taken and issues discovered
- Providing tailored and actionable recommendations
- Solving challenging technical problems
- Building creative solutions in a client-facing role
- Providing expert opinion to help clients navigate business decisions
- Leading small teams on engagements
- Mentoring co-workers
- Contributing to the advancement of the consulting practice
Skills
- 5+ years of offensive security experience supporting a variety of adversary emulation engagements (red teaming and purple teaming) with clients from a variety of industries
- Working knowledge of all common operating systems such as Windows, MacOS, Linux, ChromeOS
- Expertise in Windows Active Directory exploitation and lateral movement
- Working knowledge of 'cloud' platforms (AWS/Azure/GCP and O365/Google Workspace) and container technologies (Kubernetes/Docker)
- Hands-on experience with c2 frameworks like Sliver, Nighthawk, Mythic, and others
- Experience with custom tool and payload development, as well as reverse engineering, and evasion techniques
- Experience researching and developing EDR evasion techniques
- Proficiency in multiple programming languages (preferably Python, Golang, JavaScript/TypeScript, C#, C/C++, PowerShell, and/or Bash)
- Network and web-related protocol knowledge (e.g., TCP/IP, HTTP, HTTPS, etc.)
- Demonstrated experience with social engineering, conducting reconnaissance, development, and delivery of phishing/vishing pretexts as well as an understanding of email security technologies and other related countermeasures
- Excellent written and verbal communication skills
- Expertise in exploit development and/or assembly (x86/arm)
- Threat modeling, threat intelligence, or incident response experience
- Experience with DevOps and CI/CD technologies
- Experience conducting physical penetration testing engagements, including entry skills, RFID hacking, and alarm bypasses
- OSCP/E, GWAPT, GPEN, or GXPN certifications can be helpful, but are not a necessity
Benefits
- Generous Time Off and Company-Wide Holidays
- Team Events and International Travel Opportunities
- Work From Home Support
- Monthly Allowance for Cell Phone and Internet
- Training Budget
- Retirement; 401k Matching for Traditional and Roth Accounts in the US
- Health Insurance Options Including Medical, Dental, Vision
- Paid Parental Leave
Company Overview