
Red Team Technical Manager
Arlington, VA


Job Description

Are you energized by helping organizations protect their data and build client trust? Do you want to work in one of the world's largest holistic internal cybersecurity organizations? If you're interested in proactively preventing, detecting, and responding to cyberattacks across a complex global footprint, then Deloitte Global could be the perfect place for you. We're looking for an analytical thinker passionate about cybersecurity to join our team.

The Deloitte Global Cybersecurity function is responsible for the firm's overall objectives of enhancing data protection, standardizing and securing critical infrastructure and gaining cyber visibility through security operations centers. The Cybersecurity organization delivers a comprehensive set of cybersecurity services to Deloitte member firms through regional delivery hubs and a Global Fusion Center. We are seeking a Red Team Technical Manager to join the team.

Deloitte leads with purpose, solving complex issues for our clients and communities. Across disciplines and across borders, Deloitte Touche Tohmatsu Limited (DTTL) Global supports our network of national member firms by developing and driving global strategy, programs, and platforms, and creating new solutions and transformational experiences. Our people share a passion for igniting change and a strong service orientation that shapes our organization and those it supports.

Work you'll do:

As part of an enhanced security program at Deloitte, we are seeking the creation and formalization of a Red Team. The purpose of the Red Team will be to challenge the organization to improve its security effectiveness by assuming an adversarial role in a variety of capacities (e.g., via ethical hacking).

The formalized Red Team will reside within the constructs of the existing Penetration Testing service, which will deliver an auditable evaluation process, assessing the effectiveness of, and making recommendations for, cyber security controls in order to meet Deloitte's risk appetite.

The Red Team Technical Manager will be responsible for the creative development, installation, configuration, maintenance and day-to-day oversight of the globally distributed Red Team infrastructure, and will serve as a primary contact point for technical requests and training for member firms and Red Team staff. The candidate being sought should be a creative, self-motivated, highly energetic and results-oriented individual passionate about cyber security and risk management.

This Deloitte Global role requires limited to no travel.

What you'll be part of: our Deloitte Global culture

At Deloitte, we expect results. Incredible, tangible results. And Deloitte Global professionals play a unique role in delivering those results. We reach across disciplines and borders to serve our global organization. We are the engine of Deloitte. We develop and lead global strategies and provide programs and services that unite our network.

In Deloitte Global, everyone has an opportunity to lead. We see the importance of your perspective and your ability to create value. We want you to fit in, with an inclusive culture, a focus on work-life fit and well-being, and a supportive, connected environment; but we also want you to stand out, with opportunities to have a strategic impact, innovate, and take the risks necessary to make your mark.

Deloitte Global supports our talented professionals in answering the question: What impact will you make?

Who you'll work with:

The Deloitte Global Cybersecurity function is responsible for enhancing data protection, standardizing and securing critical infrastructure, and gaining cyber visibility through security operations centers. The Cybersecurity organization delivers a comprehensive set of security services to Deloitte's global network of firms around the globe.

Broad responsibilities will be to develop, maintain, and enhance a world-class infrastructure for conducting Red Team Operations:


* Utilize Red Team / Penetration Testing experience to architecturally design a secure operational environment


* Day-to-day management of red team infrastructure


* Ongoing liaising with Red Team Leader and Member Firm Red Team Operators and staff to provide:
* Communications on how to effectively employ Red Team tools and services and what capabilities are available


* Provide consultative guidance to Red Team Lead on feasibility of scoped operations as well as input into remediations and paths for effectively addressing identified vulnerabilities from past campaigns


* Plan, scope and oversee red team infrastructure design modifications for both continuous testing assignments and targeted exercises for member firms


* Coordinate additional security services requested by member firms, including access, tool availability, secure communications, command & control framework info, bi-directional networking between operations infrastructure and in-scope target.


* Escalation of issues experienced to the Red Team Leader


* Assist in the secure transfer of all data between different secure environments to include the transfer of reportable technical findings to the vulnerability management / penetration testing service tracker


* Development of automation mechanisms for reporting and provisioning of the infrastructure when requested


* Developing, configuring, updating and providing the Red Team physical / wireless field kits which contain common tools and hardware for conducting on-site operations


* Support Red Team Lead in operational support requests and progression of the service





Daily activities will consist of:

* Service management of ongoing and future technical direction of Red Team Operations


* Managing technical and operational processes of the Red Team's services to Member Firms


* Resolving Deloitte member firm technical inquiries or support escalations to the Red Team Service Lead or to external entities as needed


* Recommending solution improvements/enhancements (e.g. technology, processes and operational input)



Experience with secure infrastructure development, standard coding best practices, application and network attack vectors and vulnerabilities is strongly advantageous. Ability to work with multiple internal stakeholders, external vendors and provide verbal and written guidance and training on the future enhancement and proper usage of the operational infrastructure will be critical keys to success.


* Demonstrated experience in developing offensive cyber infrastructure from servers, networks (on-premises and cloud based), multiple different operating systems, covert channels, encryption at rest and in transit methodologies


* Working with diverse stakeholders (preferably on a global / multi-national basis)


* Ability to manage concurrent initiatives and use effective judgment in prioritization and time management


* Strong written and verbal communication skills


* Proven ability to communicate with and present materials to technical as well as senior audiences


* Ability to translate technical requirements and challenges to leadership


* Creative, self-motivated, highly energetic and results oriented


* Excellent analytical/problem solving ability


* Strong influence, negotiation and relationship management skills


* Proficiency with Microsoft Office tools, especially collaboration tools


* Strong understanding and experience with solution design, architecture, deployment and management in a large, preferably global, enterprise


* Knowledge or awareness of the following:
* Multiple operating systems (Kali, Ubuntu, CentOS, RHEL, SELinux, Windows, Android)


* Virtual Private Networks, IPsec, iptables and other protocols and tools for creating secure transmissions and obfuscation of data


* Understanding of cloud infrastructure and the remote management of globally dispersed virtual machines


* Programming Skills (Python, C#, Ruby, etc.)


* Linux Encrypted Storage Containers / Host-based encryption standards and protocols


* Integration of existing public exploits and development of new methods for validating vulnerabilities


* ISO 27000 series such as 27001, 27002, 27032, 27035


* NIST SP 800 series


* OWASP Top Ten


* SANS Institute - CIS Critical Security Controls


* Standard of Good Practice for Information Security


* Security architectures and designs (e.g. SIEM, IDS/IPS)


* Security Operations Center (SOC) functions and activities


* Incident management and response


* Vulnerability management


Required Licenses, Certifications, and Other Requirements

Although not required, possessing any of the following will be an asset:

* Cyber security related certifications/designations, such as:
* Offensive Security Certified Professional (OSCP)


* Certified Information Systems Security Professional (CISSP)


* Certified Information Systems Auditor (CISA) and/or Certified Information Security Manager (CISM)


* Certified Ethical Hacker (CEH)


* GIAC Penetration Tester (GPEN)


* GIAC Mobile Device Security Analyst (GMOB)


* CompTIA Security+





Education & Experience

Although not required, possessing any of the following will be an asset:

* Bachelor's and/or Master's Degree in business administration, commerce, computer science, engineering or related field or significant relevant industry experience


* Extensive architectural management experience


* Exposure and/or experience with cyber security industry standards and trends



How you'll grow:

Deloitte Global inspires leaders at every level. We believe in investing in you, helping you embrace leadership opportunities at every step of your career, and helping you identify and hone your unique strengths. We encourage you to grow by providing formal and informal development programs, coaching and mentoring, and on-the-job challenges. We want you to ask questions, take chances, and explore the possible.

Benefits you'll receive:

Deloitte's Total Rewards program reflects our continued commitment to lead from the front in everything we do - that's why we take pride in offering a comprehensive variety of programs and resources to support your health and well-being needs. We provide the benefits, competitive compensation, and recognition to help sustain your efforts in making an impact that matters.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or protected veteran status, or any other legally protected basis, in accordance with applicable law.

Disclaimer: Nothing in this job description/posting shall constitute an offer or promise of employment. If you are not reviewing this job posting on our Careers site (jobs2.deloitte.com) or one of our approved job boards, we cannot guarantee the validity of this posting. For a list of our current postings, please visit us at jobs2.deloitte.com.

Requisition code: DE19USAGTS005KL1326
