Apply on Employer Site

MUFG · 1 day ago

Red Team Operator, Assistant Vice President

Jersey City, NJ

Full-time

Hybrid

Mid, Senior Level

$110K/yr - $135K/yr

5+ years exp

Mitsubishi UFJ Financial Group (MUFG) is one of the world’s leading financial groups, striving to make a difference for every client, organization, and community served. The Red Team Operator will work on cybersecurity initiatives, improve detection capabilities, and mentor junior team members.

Financial Services

Responsibilities

Developing guidelines for the usage, control, maintenance and audit-readiness of information and computer resources that are used in the distributed processing environment

Analyzing and addressing customer security requirements for all business applications existing on a distributed platform

Assisting in the evaluation, selection, and installation of security software products for distributed platforms

Identifying distributed systems security issues as they arise and coordinating with the security architect to ensure that issues are addressed and resolved in a timely basis

Conduct tactical assessments that require expertise in social engineering, application security (web and mobile), physical methods, lateral movement, threat analysis, internal and external network architecture and a wide array of products

Document and formally report testing initiatives, along with remediation recommendations and validation

Maintain tools and scripts used in penetration-testing and red team processes

Conduct research into real-world threat actor tactics, techniques, and procedures (TTPs) and apply that knowledge to Red Team Exercises

Assess new technologies, software applications, and devices for potential avenues of exploitation

Develop exploits based on identified vulnerabilities

Develop scripts, tools, or methodologies to enhance Red Team processes

Work with teammates to consistently learn and share advanced skills and foster team excellence

Qualification

Penetration testingRed team assessmentSecurity certificationsCompliance frameworksExploiting vulnerabilitiesResearch skillsTeam leadershipCommunication skills

Required

Bachelor's Degree in Computer Science or related fields; applicable specialized training; or equivalent work experience - equally preferable

Understanding of one or more compliance frameworks: NIST, FFIEC, GLBA, SOX, PCI, etc

5-7 year of experience conducting penetration-testing/red team engagements

Experience in planning and executing advanced attacks that evade network and endpoint security controls to demonstrate the potential adverse impact caused by a threat actor

Experience with implementing red team assessment methods, tools, and techniques

Experience identifying and exploiting common web-application vulnerabilities, such as: SQL Injection, DOM Manipulation, Authorization System Bypass, Design Logic issues, bounds checking, role & access validation, and filter evasion

Experience handcrafting/dissecting HTTP conversations

Experience in developing, extending, or modifying exploits and offensive security tools (shellcode, implants, reflective loaders, etc.), as well as operational experience exploitation, lateral movement, and persistence on Windows and Linux systems, bypassing preventative and detective endpoint and network security controls, C2 frameworks (Cobalt Strike and Metasploit), using common offensive security tools (nmap, CrackMapExec, Impacket, Responder, etc.)