M+E Technology Job Board

Senior Red Team Security Analyst

Independent Security Evaluators

Independent Security Evaluators (ISE) is a security consultancy that performs hands-on security assessments of applications, networks, devices, and whatever else our clients need. Our team enjoys working in a creative, educational, and comfortable environment where they can thrive professionally.

ISE is seeking a talented Senior Red Team Security Analyst. We would be super excited if you had app sec experience too! If you enjoy working with wicked smart people, like to hack into things, solve puzzles, and work on cool projects, ISE is the place for you!

This is a hands-on Red Teaming position that requires social engineering and penetrating networks. This is not scanning or compliance.

What you’ll do at ISE:

Interface directly with ISE clients as a project lead, senior analyst, or in a scoping capacity
Design and perform Red Team operations based on realistic threats, including network penetration testing, social engineering, and mimicking an attack in a client’s controlled environment
Conduct investigations to gather system information through network information, publicly available information,
Mentor junior analysts throughout client assessments, research projects, findings reviews, and general professional and technical development
Perform hands-on security assessments and reviews on various pieces of technology including but not limited to:
Web apps and APIs
Mobile apps
Networks
Cloud architecture and configuration
Hardware and firmware

Create comprehensive assessment reports that clearly identify vulnerabilities, how they impact our client’s digital assets, and remediation strategies
Provide consultative advice to ISE’s clients regarding best practices, design guidance, new threats, policies and processes, etc. Basically: be their genius friend who helps solve problems.
Perform research and develop whitepapers/presentations/etc. regarding relevant research, security topics, tools and techniques driven by your areas of interest and expertise
Opportunity to participate in IoT Village
Potential need for travel to clients’ sites

What you won’t do at ISE:

Write policy or compliance rules or assess tools for regulatory purposes
Only hack with your head down – we are looking for folks who will talk with our clients, mentor others, and collaborate on projects, talks, and research

What you bring to the table:

4+ years in security consulting with a focus on Red Team operations
Experience with programming and developing exploits
Familiarity with Unix command line tools and working in CLI environments
Background in the following:
Social engineering attacks
Cloud and system architecture design
Leveraging compromised assets to gain more visibility/access using common enterprise services (e.g., Active Directory)
Privilege escalation attacks
Deploying tools to facilitate persistence
Lateral movement through compromised networks
Reverse engineering through static and dynamic analysis
Analyzing cryptographic workflows
Analyzing network traffic

Experience interacting with clients in a consultative environment
Strong technical writing and oral communication skills
Public speaking experience
Desire to make things better: help our clients secure their products, help your colleagues grow and learn, self-motivated and always seeking improvement

Nice to have (but we can teach you!):

Experience with application security: web, desktop, and mobile applications, software vulnerability analysis, code analysis, fuzzing, reverse engineering through static and dynamic analysis, analyzing cryptographic workflows,
Experience with digital rights management and digital watermarking
Experience with secure software development
Familiarity with industry-standard security policies (SOC2, OWASP ASVS, GDPR, ISO 27001, PCI, NIST CSF, etc.) and their practical applications
B.S. degree preferred in computer science or related field