CyberArk, the global leader in privileged access management, helps organizations transform their business through improved security and reduced risk. As a trusted partner for thousands of companies around the world, CyberArk consistently sets the bar driving innovation and helping our customers stay one step ahead of attackers.
CyberArk Software is seeking a Red-Team Engineer for the expanding Red-Team located in Newton, Massachusetts.
Looking at the security market today, there are more and more companies viewing Red- Teaming as a mandatory service which provides senior management tools to prepare against the inevitable Cyber-attack. Most Security companies today offer either defensive or offensive services/products while seeing the other side as a direct competitor. But having both types of service which can leverage one another, it allows CyberArk to offer a unique offering to its clients. The Red-Team service is provided at pre or post-sale once the client already has purchased our product and implemented it. Red-Team engagement provides a tangible method of assessing the value of Cyber-Ark solutions and opportunities for other Cyber-Ark solutions.
- Provide our clients with real life actionable deliverables which allows the client to understand what attackers will/can do during an attack and what they can do to mitigate these risks
- At the pre-sale phase, offer a service to potential clients to show how adversaries leverage existing TTPs (tactics, techniques and procedures) in a real attack- the key point is providing real adversary simulation vs. limited scope penetration testing
- Design, plan and execute threat actor simulation scenarios using complex adversarial TTP
- Researching emerging threats, vulnerabilities disclosures and incident response reports; conducting cyber research into emerging threats, vulnerabilities disclosures and incident response plans
- Report risks and ensure offensive security tools and techniques are within regulation and policy procedures
- Evaluate risks and detect and create solutions that are tailored toward each individual customer
- Validate threats and pursue mitigation's (including those that might fall outside Cyber-Ark offerings)
- Record outcomes and escalate to leadership when necessary
- Other duties as assigned
- The successful candidate will have a minimum Bachelor's Degree in Computer Science or related discipline coupled with 5+ years experience in cybersecurity penetration testing or red-team activity or a minimum of a high school diploma coupled with 8+ years experience
- Self-motivated, enthusiastic, team player willing to work independently as well as cross-functionally
- Attention to detail and ability to recognize and resolve discrepancies
- Strong written and verbal communication skills
- Superior ability to multi-task and prioritize
- Proficient with Cobalt Strike or other C2 frameworks
- Offensive Security Certifications, examples: OSCP OSCE, OSWE- preferred
- Knowledge of penetration testing and/or red-teaming activities
- Understanding of Windows or Unix internals for exploit development helpful
- Professional experience in both offensive and defensive information security disciplines is strongly desirable
CyberArk is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.
Recruiting agencies or vendors without a valid agreement between the parties are not authorized to (a) send CyberArk unsolicited resumes or candidate data or (b) contact CyberArk employees for the purposes of presenting candidates for employment. CyberArk will only work with recruiting agencies who have a valid agreement with CyberArk and that are specifically invited by CyberArks recruiting team to assist with searching for and submitting candidates for a specific position. Any unsolicited resumes or other candidate data submitted to CyberArk will not be accepted and shall be considered CyberArks property. CyberArk will not pay any placement or other fees of any kind for any unsolicited resumes or candidate data that is submitted in violation of this policy. CyberArk does not accept liability under any legal theory such as course of conduct, oral agreements, implied contracts, or otherwise based on negotiations with a candidate identified from an unsolicited resume or data in violation of this policy.