4 Cobalt Strike Jobs

Job Description : Advanced Red team ops Analyse and exploit AD and Networks for Vulnerabilities Skills : * Python, PowerShell for various tasks, including reconnaissance, privilege escalation and lateral movement within AD * Exploitation frameworks like Metasploit, Core Impact, etc. * c2 frameworks like havoc, sliver, mythic, cobalt strike, etc. * AD exploitation tools like Bloodhound, Powersploit, mimikatz, crackmapexec, " Knowledge : * Cyber killchain, MITRE attack Framework, TIBER * Active Directory architecture, policies, services and security mechanisms * AD attack techniques such as kerberoasting, Pass—the—Ticket, Golden Ticket attacks, etc. * Network Protocols and Services, vulnerabilities, exploitation vectors, defenders response and bypass * Access and Persistence Techniques on compromised machines and mitigations * Firewalls, IPS, IDS and other network controls and evasion techniques" Experience: 3-5 years working experience in similar role Certifications (not mandatory unless otherwise indicated): Undergrad/Grad courses in Computer Sc/IT preferred Desirable: * Offensive Security Certified Professional (OSCP) * Offensive Security Certified Expert (OSCE) * CRTP(Certified Red Team Professional by eLearnSecurity) * CTP (Cracking the Perimeter by Offensive Security)

Senior Security Consultant (Network Penetration Tester) NetSPI is the proactive security solution used to discover, prioritize, and remediate security vulnerabilities of the highest importance, so businesses can protect what matters most. NetSPI secures the most trusted brands on Earth through Penetration Testing as a Service (PTaaS), External Attack Surface Management (EASM), Cyber Asset Attack Surface Management (CAASM), and Breach and Attack Simulation (BAS). Leveraging a unique combination of dedicated security experts, intelligent process, and advanced technology, NetSPI brings a proactive approach to cybersecurity with more clarity, speed, and scale than ever before. NetSPI is on an exciting growth journey as we disrupt and improve the proactive security market. We are looking for individuals with a collaborative, innovative, and customer-first mindset to join our team. Learn more about our award-winning workplace culture and get to know our A-Team at www.netspi.com/careers. Join the mission as a Senior Security Consultant. We are seeking a skilled expert and detail-oriented Penetration Tester to conduct thorough security assessments, identify vulnerabilities, and provide expert recommendations to strengthen our clients' security posture. You will be responsible for performing Network (InPen) Penetration Testing, in addition to competencies in problem solving, client service, written/verbal communication, and project execution. You will work to deliver clear, actionable reports and contribute to the development of security best practices. Responsibilities : Conduct engagements on Network (InPen) Penetration Testing independently and provide technical oversight Perform internal, external and wireless network penetration tests Create, review and deliver reports for accuracy in technical oversight, perform weekly QA oversight, and provide mentoring support to others Create, deliver, and collaborate on penetration testing reports in diverse client environments, maintaining client-specific processes, reporting standards, and access protocols to help improve their security posture Research and develop innovative techniques, tools, and methodologies for penetration testing services, alongside commitment to improvement and execution on NetSPI specific products and processes Act as a resource for internal team members as it relates to in-depth technical questions or best practices Participate in development, implementation, and oversight of testing, delivery, and management strategies for key client accounts Perform administrative tasks related to day-to-day consulting activities to ensure smooth business and engagement operations. Minimum Qualifications : Bachelors degree or higher, with a focus on IT, Computer Science, Engineering or Math or equivalent experience Minimum of 5+ years of experience in Network Penetration Testing with expertise on InPen testing. Experience with offensive toolkits used for network and web or mobile penetration testing Familiarity with offensive and defensive IT concepts and protocols Extensive understanding of the OWASP Top 10, MITRE ATT&CK framework, and various security frameworks. Working knowledge of Windows, Linux and MacOS operating systems internals and administration Experience mentoring or coaching to growing team members, while sharing knowledge externally through blogs, hosting webinars, or presenting at conferences Ability to work independently and as part of a team Proficient communication skills, both written and verbal Willingness to travel up to 5-10%, as required. This position requires an 8-hour workday, with occasional evenings or weekends necessary to meet project deadlines or critical needs Preferred Qualifications: Ability to provide technical and QA oversight on Network (InPen) service line Experience in one or more of the following programming or scripting languages (e.g., Ruby, Python, Perl, C, C++, Java, and C#) Offensive Security Certifications (e.g., GXPN, GPEN, OSCP, CISSP, GWAPT) We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status or any other characteristic protected by law.

Key Responsibilities: 1.Strategic Red Teaming and Penetration Testing Execute sophisticated red teaming engagements to simulate real-world attack scenarios. Develop and implement long-term offensive security strategies to proactively identify and address vulnerabilities across diverse environments. Conduct comprehensive penetration testing on internal networks, cloud environments, and applications. Execute social engineering attacks, phishing campaigns, and physical intrusions as part of full-spectrum red team operations. 2.Adversarial Threat Simulation & Attack Path Mapping Develop and refine threat emulation plans, leveraging TTPs (tactics, techniques, and procedures) used by nation-state actors and other adversaries. Model various attack paths from an adversarys perspective to test the resilience of existing security measures. Simulate attacks against IT, OT (Operational Technology), and ICS (Industrial Control Systems) environments, ensuring critical infrastructure protection. 3.Collaborative Defense & Response Enhancement Collaborate with Blue Teams, incident response teams, and the Security Operations Center (SOC) to enhance detection, response times, and mitigation strategies. Provide detailed feedback on the effectiveness of security controls, detection mechanisms, and incident response processes. Develop and conduct collaborative red-blue team exercises (purple teaming) to continuously improve organizational defense mechanisms. 4.Vulnerability Research & Exploit Development Conduct research on emerging cybersecurity threats and stay current with evolving vulnerabilities, zero-day exploits, and new attack techniques. Develop or customize proof-of-concept exploits to demonstrate the impact of vulnerabilities in real-world scenarios. Perform threat intelligence analysis to determine the most relevant and high-risk attack vectors for Adanis business environment. 5.Reporting & Risk Communication Produce comprehensive technical reports and executive-level summaries detailing vulnerabilities, successful attack simulations, and recommendations for improvement. Translate complex security vulnerabilities into business risk language for presentation to senior management and business stakeholders. Present red team findings in a clear and concise manner to leadership teams and board members, offering strategic insights for enhancing the overall cybersecurity posture. 6.Training, Mentoring, and Knowledge Sharing Provide mentorship and training to junior red team members and internal security teams, fostering a culture of proactive security and continuous improvement. Conduct workshops and tabletop exercises with business units to raise awareness about red teaming methodologies and the importance of cybersecurity. 7.Tool Development & Automation Develop, customize, or extend red teaming tools, scripts, and automation frameworks to simulate various attack vectors. Continuously assess and introduce new red teaming tools to improve the efficacy and realism of adversary simulations. Qualifications & Skills: Education: Bachelor's or master's degree in computer science, Cybersecurity, Information Security, or a related technical field. Relevant professional certifications in cybersecurity. Experience: 10+ years of experiencein cybersecurity, with aminimum of 5 years in red teaming, offensive security, ethical hacking, or penetration testing. Proven track record of executing large-scale red teaming exercises in complex environments, including experience with critical infrastructure (Ports, Airports, Energy, etc.). Extensive experience in simulating advanced cyberattacks, particularly in industrial environments, OT, and ICS. Certifications: CRTP, OSCP, OSCE, CRESTcertifications or equivalent in red teaming and penetration testing. Other cybersecurity certifications such asCISSP, CEH, GIAC, GCIH, GPENare CRTP advantageous. Technical Skills: Expert knowledge ofoffensive security tools(e.g., Metasploit, Cobalt Strike, Burp Suite, Empire, etc.) andthreat simulation frameworks. Strong understanding ofTTPsused by cybercriminals and APT groups (MITRE ATT&CK framework knowledge preferred). Deep expertise innetwork protocols, firewalls, intrusion detection systems, and secure configurations. Proficient in various operating systems (Windows, Linux, macOS) and cloud environments (AWS, Azure, GCP). Knowledge ofOperational Technology (OT)andIndustrial Control Systems (ICS)security challenges and attack methodologies. Experience withexploit developmentandcustom tool creationfor red teaming operations. Soft Skills: Communication: Excellent written and verbal communication skills, with the ability to convey complex technical information to non-technical stakeholders. Problem-Solving: Strong problem-solving skills, strategic thinking, and analytical ability to assess risks and prioritize mitigation. Leadership: Effective leadership and mentoring abilities for team members. Collaboration: Ability to work collaboratively with cross-functional teams and foster a culture of proactive security. Adaptability: Ability to work in high-pressure environments and handle multiple concurrent assignments with minimal oversight. Ethical Mindset :Commitment to ethical hacking principles and maintaining the highest standards of integrity. Continuous Learning:Dedication to staying ahead of cybersecurity threats through ongoing research and professional development. Key Competencies: Adverserial Mindset:Ability to think like an adversary and develop innovative ways to bypass security controls. Collaborative Spirit:Strong emphasis on working closely with blue teams and cross-functional teams. Continuous Learning:Commitment to staying ahead of cybersecurity threats by engaging in ongoing research and professional development.

What youll be doing... Verizon Cyber Security Team is looking for a Penetration Tester to join our Application Pen Test team. Youll be joining a group of talented, creative thinkers who "act like the enemy" to focus on ensuring that infrastructure and applications (web, mobile, and API) are secure by performing penetration testing from both inside and outside of Verizon. . This team isnt a "copy and paste from a scan tool" reporting team, or a cookie cutter just scanning with tools team, or a team that just monitors and supports security scanning tools used by developers. This team is an enterprise-recognized and supported group of skilled, experienced and certified ethical hacking Verizon employees who are trusted to direct themselves with a lot of unknowns. The successful candidate will possess an effective aptitude in thinking like an adversary, security of Web applications, Infrastructure, APIs and Mobile Applications, mentoring and leading junior pen testers and effectively translating highly technical information to internal customers in a way that supports Cyber Security Team and broader Verizon goals. The ability to lead and perform full scope penetration testing on complex web applications, Infrastructure, APIs and Mobile applications. Configuring and safely utilizing attacker tools, tactics, and procedures for Verizon environments. Developing comprehensive and accurate reports and presentations for both technical and executive audiences. The ability to make collaborative decisions on the impact of an exposure to Verizon. Acting as a SME and guide, advising on security vulnerability impact, ratings and remediation recommendations across the organization as needed. Helping define the Pen Test strategy and standards to further enhance the companys security posture. Effectively communicating findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel. Working closely with stakeholders and developers providing risk-appropriate and pragmatic recommendations to correct found vulnerabilities. Developing scripts, tools, or methodologies to enhance Verizons pen testing processes and effectiveness. Driving technical oversight and mentoring junior pen testers on pen test engagements, vulnerability impact and ratings and remediation recommendations. Providing leadership and guidance to advance the offensive capabilities of the team and its subsequent ability to defend the Verizon Enterprise. What were looking for... Youll need to have: Bachelor's degree and four or more years of work experience. Four or more years of relevant work experience. Relevant pen testing or security experience. Deep understanding of OWASP Top 10, OWASP API Top 10, MASVS. Even better if you have one or more of the following: Strong knowledge of tools used for API, infrastructure, web application, mobile, and network security testing, such as Kali Linux, Metasploit, Wireshark, Burp suite, Cobalt Strike, Nessus, Web Inspect, SQLMap. Knowledge of secure software deployment methodologies, tools, and practices. Experience with application security risk procedures, security patterns, authentication technologies and security attack pathologies. Certifications such as: GXPN, GPEN, eWPT, GCIH, GWAPT, OSCP, OSWA, OSCE, OSWE. Service Delivery/Governance: ITILv2/3. Solid understanding of common hosting environments such as containerization platforms (e.g., Docker and Kubernetes) and virtual machines running under hypervisors. An implementation level familiarity with all common classes of modern exploitation. Mastery of Unix/Linux/Mac/Windows operating systems, including bash and Powershell. Programming skills preferred and encouraged, as well as the ability to read and assess applications written multiple languages, such as Python, JAVA, .NET, C#, or others. Experience with system and application security threats and vulnerabilities and secure configuration management techniques, software debugging principles, software design tools, methods, and techniques, software development models (e.g., Waterfall Model, Spiral Model). Knowledge of secure coding techniques. Some experience with software related information technology (IT) security principles and methods (e.g., modularization, layering, abstraction, data hiding, and simplicity/minimization). Knowledge of secure software deployment methodologies, tools, and practices. Knowledge in discerning the protection needs (i.e., security controls) of information systems and networks.