CyberArk, the global leader in privileged access management, helps organizations transform their business through improved security and reduced risk. As a trusted partner for thousands of companies around the world, CyberArk consistently sets the bar – driving innovation and helping our customers stay one step ahead of attackers.
CyberArk Software is seeking a Red-Team Engineer for the expanding remote Red-Team.
Looking at the security market today, there are more and more companies viewing Red- Teaming as a mandatory service which provides senior management tools to prepare against the inevitable Cyber-attack. Most Security companies today offer either defensive or offensive services/products while seeing the other side as a direct competitor. But having both types of service which can leverage one another, it allows CyberArk to offer a unique offering to its clients. The Red-Team service is provided at pre or post-sale once the client already has purchased our product and implemented it. Red-Team engagement provides a tangible method of assessing the value of Cyber-Ark solutions and opportunities for other Cyber-Ark solutions.
- Provide our clients with real life actionable deliverables which allows the client to understand what attackers will/can do during an attack and what they can do to mitigate these risks
- At the pre-sale phase, offer a service to potential clients to show how adversaries leverage existing TTP’s (tactics, techniques and procedures) in a real attack- the key point is providing real adversary simulation vs. limited scope penetration testing
- Design, plan and execute threat actor simulation scenarios using complex adversarial TTP
- Researching emerging threats, vulnerabilities disclosures and incident response reports; conducting cyber research into emerging threats, vulnerabilities disclosures and incident response plans
- Report risks and ensure offensive security tools and techniques are within regulation and policy procedures
- Evaluate risks and detect and create solutions that are tailored toward each individual customer
- Validate threats and pursue mitigation's (including those that might fall outside Cyber-Ark offerings)
- Record outcomes and escalate to leadership when necessary
- Other duties as assigned
- The successful candidate will have a minimum Bachelor's Degree in Computer Science or related discipline coupled with 5+ years experience in cybersecurity penetration testing or red-team activity or a minimum of a high school diploma coupled with 8+ years experience
- Self-motivated, enthusiastic, team player willing to work independently as well as cross-functionally
- Attention to detail and ability to recognize and resolve discrepancies
- Strong written and verbal communication skills
- Superior ability to multi-task and prioritize
- Proficient with Cobalt Strike or other C2 frameworks
- Offensive Security Certifications, examples: OSCP OSCE, OSWE- preferred
- Knowledge of penetration testing and/or red-teaming activities
- Understanding of Windows or Unix internals for exploit development helpful
- Professional experience in both offensive and defensive information security disciplines is strongly desirable
CyberArk is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.