Resideo is seeking a highly motivated and skilled Principal Red Team Engineer with strong technical experience in web application and network penetration testing and vulnerability management.
The ideal candidate should be self-motivated and strong in execution of tasks assigned. The individual should be inquisitive in nature, challenging the norm to identify vulnerabilities and threats. This is an amazing opportunity to grow with a company that is backed by dynamic leadership.
The role is responsible for conducting vulnerability assessments, penetration tests, web application testing, and social engineering campaigns. The successful candidate will identify, evaluate, and provide remediation guidance for potential weaknesses in company systems and processes. It is critical that the candidate be able to rapidly learn new technologies and processes with minimal assistance.
Core Role Functions:
* Lead security technical testing against company applications and network assets.
* Communicate findings, attack paths, and recommendations to technical and non-technical stakeholders through written reports and verbal presentations. Must demonstrate effective English writing skills.
* Develop scripts, tools, techniques, and methodologies to improve the overall ability to deliver high-quality outcomes.
* Provide technical expertise and guidance in developing and supporting business applications to ensure they are deployed securely.
* Employ advanced internal network, wireless network, mobile application, thick-client application, embedded application, or hardware penetration testing techniques.
* Act as the company's primary technical contact for vulnerability analysis.
* Contribute to the team's Tactics, Techniques, and Procedures (TTPs) knowledge base.
* Demonstrate an understanding of penetration testing techniques and methodologies.
* Develop/customize payloads specific to the environment, software version, or for evasion of defensive technologies.
* Other duties as assigned.
* Bachelor's degree highly preferred
* Strong expertise in at least two of the following areas:
  * Network penetration testing
  * Web application (web, mobile, etc.) penetration testing
  * Mobile application penetration testing
  * Social engineering (e-mail phishing, phone, physical, etc.)
* 6+ years of penetration testing experience.
* 4+ years of system admin, network admin, web application development, or programming experience.
* Strong understanding of networks, firewalls, protocols, routing, web application stacks, and security technologies.
* Working knowledge of common IT and security concepts with emphasis on TCP/IP network security, operating system security, modern attack and exploitation techniques, cyber incident response, malware analysis, computer forensics and the tools that support these processes.
Preferred Technical & Professional Experience:
* OSCP, OSCE, GWAPT, GPEN or other technical certifications
* Experience in reverse engineering software or hardware
* Programming experience in one or more of the following: Java, .NET, PowerShell, Python, or Ruby
* Experience with AWS and other cloud services platforms
* Experience editing documents for grammar, clarity, and technical accuracy