Attack Simulation Engineer - Threat & Attack Simulation
Brief Description
GuidePoint Security’s Continuous Security Validation (CSV) offerings combine the benefits of the latest in continuous attack simulation technology with our seasoned team of expert penetration testers and red teamers. As an Attack Simulation Engineer, you will be tasked with the effective operation of industry-leading automated penetration testing platforms to ensure our clients benefit from our unique approach. Additionally, you will identify and validate vulnerabilities at speed and scale to assist our clients in making meaningful and measurable improvements in their risk posture.
Description
As an Attack Simulation Engineer, you will be a technically adept and reliable team member who leverages your knowledge, skills, and experience to deliver exceptional results to clients for all of the Practice’s professional service offerings and assists with shaping the future of the Practice. Your primary responsibilities revolve around performing challenging and complex assessments, mentoring less experienced team members, contributing to the Practice’s growth and improvement, assisting with pre-sales activities, and assisting with evaluating and onboarding new technologies that may be added to the Practice.
As an Attack Simulation Engineer, you are encouraged to interact with the CSV Leadership Team and contribute to the Practice’s future success. GuidePoint Security’s Continuous Security Validation offering operates in perpetuity in response to emerging threats and diverse client needs. Your creativity and expertise will assist the Practice by adapting to this rapidly changing environment.
Role Requirements
Deliver CSV services, including, but not limited to, Continual and Coordinated Penetration Testing, Automated Assessments, Hybrid Assessments, Automated Remote Social Engineering Assessments, and Breach & Attack Simulation Assessments
Assist with technical oversight/quality assurance of CSV assessments as needed
Author comprehensive assessment deliverables that are proficiently tailored to both technical and managerial audiences and fully detail the technical execution, core deficiencies, business impact, and realistic remediation strategies
Contribute to marketing initiatives via activities such as publishing research, speaking at industry conferences, authoring blog articles and whitepapers, hosting webinars, and developing security tools
Perpetually strengthen relevant skills, knowledge, and abilities to stay at the forefront of the information security industry
Assist in the pre-sales process for both the services and the tools we support, attending and performing demos as required
Foster strong client relationships and represent GuidePoint well by providing interactive and collaborative support, information, and guidance to ensure delivery of maximum value
Serve as a Subject Matter Expert over one of the Practice’s main offering areas (Remote Social Engineering, Automated Penetration Testing, or Breach & Attack Simulation), including maintaining vendor certifications as they are available
Serve as an escalation point for abnormal findings, properly triage, and escalate as needed
Maintain situational awareness of the client's technology architecture, known weaknesses, solutions used for monitoring and threat intelligence, and any recent security events
Ensure that identified vulnerabilities are promptly validated and thoroughly investigated
Devise and document new procedures and runbooks/playbooks as directed
Maintain established Service Level Agreements (SLAs)
Attend GuidePoint GPSEC conferences as necessary to meet with account executives and clients regarding our services
Education, Credentials, and Experience
Familiarity with offensive security tools used for network, host and application security testing
Experience in security technologies such as automated penetration testing tools, Breach & Attack Simulation Tools, Security Information and Event Management (SIEM), IDS/IPS, Data Loss Prevention (DLP), Proxy, Web Application Firewall (WAF), Endpoint Detection and Response (EDR), Anti-Virus, Sandboxing, network- and host-based firewalls, Threat Intelligence, Virtual Machines, etc.
Advanced knowledge of at least one security tool from within the following domains: Automated Penetration Testing and Breach & Attack Simulation (e.g., Horizon3, Pentera, SafeBreach, Picus)
Experienced in client delivery for high-profile clients (e.g., Fortune 100) with the utmost professionalism
Pentest+ Certification or equivalent, and in pursuit of OSCP (or other lab-based certification)
Internal security operations experience is strongly preferred
InfoSec community involvement, such as conference speaking, blog/whitepaper authoring, and podcast speaking/producing experience is strongly preferred
Minimum of two (2) years of experience in security operations
Minimum of one (1) year of experience in performing continual and coordinated penetration testing
Minimum of four (4) years working in an IT or IT Security environment
Knowledge, Skills, and Abilities
Technical
Assess network security postures for enterprise-level infrastructures by utilizing industry-standard approaches for conducting vulnerability assessments and penetration testing
Possess in-depth knowledge of formal assessment methodologies, as well as when to use intuition to creatively deviate from established processes
Identify common vulnerabilities through the use of automated tools and practical analysis
Identify obscure vulnerabilities by leveraging your expertise through manual analysis
Perform safe and reliable exploitation (to the extent possible) for exploitable vulnerabilities
Understand network, operating system, and application-based detective and preventative controls and evade and/or circumvent such controls effectively
Quickly and efficiently perform post-exploitation activities to demonstrate the impact of compromise
Knowledge of common open-source tools, such as Nmap, Metasploit, and the Kali Linux Suite (or equivalent)
Proficient with scripting languages, such as Ruby, Python, Bash, PowerShell, etc.
Proven ability to write code to solve problems and automate tedious and time-consuming tasks during assessments
Proficiency with web application attacks (e.g., OWASP Top 10) is strongly preferred
Understanding of modern cloud architectures and common cloud service provider services and offerings
Possess a solid understanding of TCP/IP, networking technologies, network segmentation, and vendor-specific technologies, such as Cisco and Juniper
Possess a solid understanding of firewall concepts and vendor-specific technologies, such as Cisco, Palo Alto, and Checkpoint
Possess a solid understanding of operating systems, such as Microsoft, Linux, and various Unix variants
Desire to initiate and conduct research projects
Familiarity with automation tools such as Ansible
Business/Professional
Strong overall practice knowledge and problem-solving abilities (e.g., the ability to handle tricky client/project situations with little to no assistance)
Ability to think outside the box when presented with complex problems
Contributions to the information security community, such as conference speaking, blog articles/white papers, and/or podcasts, are strongly preferred
Prizes continuous improvement and desires to aid with practice development as much as personal growth
Possess a desire to mentor and manage other team members and have a passion for sharing knowledge
Ability to professionally interact with clients and maintain composure while resolving difficult situations
Self-motivated and able to work independently, as well as being a reliable addition to team projects
Ability to effectively multitask and efficiently manage time when simultaneously working on multiple projects
Possess a firm understanding of the concept of risk as it relates to a business
Strong verbal communication skills, including clearly articulating thoughts, being persuasive, and delivering presentations and training to technical audiences and all management levels
Excellent written communication skills for preparing formal deliverables, performing quality assurance reviews, and technical oversight for peers, proposals, training content, and white papers/blog articles
Comfortable interacting with executive management and conveying technical findings in an appropriate business context
