About the Job
We are seeking a highly skilled and motivated Offensive Security Subject Matter Expert (SME) to join our FortiGuard Security Consulting Team. In this hands-on, customer-facing role, you will work with our Global Security Consulting team, which comprises individuals with expertise in attack and penetration methods, malware hunting and analysis, reverse engineering, various scripting languages, forensics, assessments, frameworks, and threat actor tactics, techniques, and procedures (TTPs).
Your primary responsibilities will include leading and conducting advanced Red Team engagements, both full-scope and objective-led, as well as penetration tests to identify weaknesses in an organization’s countermeasures. This role aims to enhance the overall security posture of our clients. Additionally, you may participate in pre-sales activities and provide thought leadership through speaking engagements at security conferences or producing blogs and whitepapers.
Responsibilities
- Customer Engagements: Collaborate with clients to understand their security needs and objectives, leading Red Team and penetration testing engagements that deliver high-quality results.
- Red Team Operations: Plan and execute realistic and sophisticated Red Team operations that simulate advanced cyber threats, mimicking adversary TTPs to identify and exploit vulnerabilities in client environments.
- Penetration Testing: Conduct comprehensive penetration tests on client systems, networks, and applications, providing actionable insights and remediation recommendations based on identified vulnerabilities.
- Technical Expertise: Demonstrate proficiency in a variety of offensive security tools and techniques. Stay updated on industry trends, emerging threats, and advancements in offensive security methodologies.
- Documentation and Reporting: Document all testing procedures, findings, and recommendations in clear and concise reports. Effectively communicate technical details to both technical and non-technical stakeholders, and provide guidance on improving organizational security posture.
Required Skills
- Excellent written and verbal communication skills in English.
- Experience developing and conducting Red Team and penetration testing engagements.
- Experience performing application security assessments.
- Public speaking experience at recognized security conferences is a plus.
- Capable of performing assessments using common offensive toolsets and building custom tools and implants.
- Solid knowledge of scripting languages such as Python, Perl, PowerShell, and Ruby.
- Development experience using C, C++, .NET, Java, or Go.
- Experience conducting vulnerability assessments, physical assessments, wireless assessments, and social engineering campaigns.
- Strong understanding of operating system internals and endpoint security controls such as EDR and various evasion techniques.
- Solid understanding of Active Directory and Azure AD.
Qualifications
- Bachelor’s Degree in Computer Engineering, Computer Science, or a related field, or 8-10+ years of experience in Attack and Penetration Testing roles.
- Certifications in offensive security such as OSCP, OSEP, GXPN, GRTP, or equivalent are preferred.