Senior/Assistant Manager - Red Team Specialist (Cyber Risk Advisory)

What impact will you make?

At Deloitte, we offer a unique and exceptional career experience to inspire and empower talents like you to make an impact that matters for our clients, people and community. Whatever your aspirations, Deloitte offers you a highly inclusive, collaborative workplace and unrivalled opportunities to realize your full potential. We are always looking for people with the relentless energy to push themselves further, and to find new avenues and unique ways to reach our shared goals.

So what are you waiting for? Join the winning team now.

Work you’ll do

As a Red Team specialist, you will work in a highly skilled team to perform various Red Team exercises for our clients. Using your offensive skills you will covertly breach our clients’ networks and provide recommendations to strengthen the client’s security posture. You will work with our Offensive Security team to provide attack-oriented professional services such as (but not limited to): Red/Purple Team Operations, Penetration Testing, Breach and Attack Simulations, Cloud Penetration Testing, Social Engineering, and a variety of ad-hoc custom assessments to address unique information security concerns for clients. In this role you will:

• Find creative ways to obtain a foothold in a client's network
• Deliver professional services, including but not limited to Red Team Assessments, Purple Team Assessments, Network Penetration Tests, Wireless Security Assessments, Onsite and Remote Social Engineering, and a variety of custom assessments
• Use automation, orchestration, and scripting to reduce manual processes, improving overall efficiency while also enabling new capabilities to meet the rapidly changing needs of our clients
• Create and write comprehensive assessment reports that are technical and managerial to describe the engagement, scope, risks, and remediation recommendations
• Apply an adversary mindset to simulate sophisticated actors and achieve project-specific objectives
• Perform research and develop your own tools and sharpen your tradecraft
• Turn security weaknesses into tailored and concrete recommendations which you will present to clients
• Facilitate Purple Team workshops and training defensive teams of clients in to identify tactics, techniques and procedures (TTPs) used by adversaries
• Maintain a strong desire to learn, adapt, and improve along with a rapidly growing company
• Perform other duties as assigned

Your role as a leader

At Deloitte, we believe in the importance of empowering our people to be leaders at all levels. We expect our people to embrace and live our purpose and shared values, challenging themselves everyday to identify issues that are most important to our clients, our people and the communities, and to make an impact that matters. In addition to living our purpose, Senior Associates / Senior Consultants / Assistant Manager across our Firm are expected to:

• Understand objectives for stakeholders, clients and Deloitte whilst aligning own performance to objectives and sets personal priorities.
• Develop themselves by actively seeking opportunities for growth, shares knowledge and experiences with others, and acts as a strong brand ambassador.
• Seek opportunities to challenge themselves, collaborate with others to deliver and takes accountability for results.
• Build relationships and communicates effectively in order to positively influence peers and stakeholders.
• Work effectively in diverse teams within a highly inclusive team culture where everyone is supported, respected and recognized for their contribution.

Requirements

Required

• 3+ years of experience performing offensive/attack-oriented security assessments
• 2+ years of experience in an enterprise-level customer delivery services role
• Experience with various public cloud components and architectures
• Experience in evading security detection controls
• A passion for offensive security, Red Teaming and a drive to stay up-to-date with current attack techniques and new vulnerabilities
• Knowledge of security testing frameworks and standards such as OSSTMM, OWASP, NIST SP 800-115, Lockheed Martin’s Kill Chain, and MITRE ATT&CK
• Experience with technologies like WMI, WinRM, (Azure) AD and ability to script/program using e.g. PowerShell, C#, C, Python, Go, Bash for offensive purposes
• Experience setting up and using C2, working with tools like Cobalt Strike, Impacket, Mimikatz, Kekeo, Rubeus, socat and Sysinternals suite
• Proven track record of executing Red Team operations and advanced penetration tests in production environments
• Excellent communication skills and fluency in written and spoken English

Preferred

• Relevant lab-based security certifications are preferred, some examples: OSCP, OSCE, OSEP, OSED, OSEE, CRTP, CRTE, GIAC, GSE, etc.
• Other relevant industry certifications, such as GPEN and GCIH
• Certifications such as: CISSP, AWS/Azure Security/DevOps/Professional Certifications, completion of Red Teaming Labs
• Experience building security tool APIs and/or services
• Experience building/automating Red Team Infrastructure
• Experience building/automating Attack Defense labs

Due to volume of applications, we regret only shortlisted candidates will be notified. Candidates will only be contacted by authorized Deloitte Recruiters via firm’s business contact number or business email address.