Red Team Operator

Posted:
4/4/2024, 5:00:00 PM

Location(s):
New York, New York, United States ⋅ California, United States ⋅ Missouri, United States ⋅ Minnesota, United States ⋅ New York, United States ⋅ Illinois, United States ⋅ Ohio, United States

Experience Level(s):
Mid Level ⋅ Senior

Field(s):
IT & Security

Workplace Type:
Remote

At U.S. Bank, we’re on a journey to do our best: helping the customers and businesses we serve to make better and smarter financial decisions and enabling the communities we support to grow and succeed. We believe it takes all of us to bring our shared ambition to life, and each person is unique in their potential. A career with U.S. Bank gives you a wide, ever-growing range of opportunities to discover what makes you thrive at every stage of your career. Try new things, learn new skills and discover what you excel at—all from Day One.

Job Description

Performs the daily operation and execution of offensive security-related tools, processes and controls related to offensive cyber initiatives. Performs a variety of ethical hacking activities against the technical security controls and systems. Helps coordinate and deliver remediation items of identified risks and control deficiencies. Looks for ways to optimize security processes and recommend opportunities and solutions for improvement and automation. Serves as technical and functional subject matter expert across multiple security domain areas, raising awareness and communicating security risks within the company. Supports and participates in technical investigations and training opportunities as needed.

 

Responsibilities

• Conduct Threat Emulation

• Conduct innovative research in cyber security

• Conduct active offensive and/or adversarial operations

• Conduct physical security assessments

• Develop custom tooling in support of Red Team operations

• Develop in-depth findings reports

• Document the impact and severity of attack chains to be presented to the lines of business

• Act as a subject matter expert to convey technical details on attacks to the blue teams
 

Basic Qualifications

- Bachelor's degree or equivalent work experience

- At least seven years of experience with processes, tools, techniques and practices for assuring adherence to standards associated with accessing, altering and protecting organizational data

 

Preferred Skills/Experience

- Previous Red Team experience or expertise in Red Team operations/assessments

- Possesses certifications in one or more of the following: Global Information Assurance Certification (GIAC), Offensive Security Certified Professional (OSCP), Offensive Security Wireless Professional (OSWP), Offensive Security Certified Expert (OSCE), Offensive Security Exploitation Expert (OSEE), Offensive Security Web Expert (OSWE), or ZeroPointSecurity (CRTO)

- Experience in writing proof-of-concept exploits and creating custom payloads and modules for common (post)exploitation frameworks and tools

- Well versed in security tools and C2 frameworks such as Cobalt Strike, Metasploit, Mythic, Sliver, etc.

- Proficiency in defeating endpoint security and controls (A/V, EDR, XDR, etc.) in support of Red Team operations.

- Proficiency in one or more coding/scripting languages (e.g., Perl, Python, PowerShell, Shell Scripting, C/C#/C++, golang, etc.)

- Knowledge and experience with web-based application attacks

- Experience utilizing and maintaining infrastructure as code

- Previous experience performing “purple-team” activities

- Working knowledge of IT environment including service-oriented and IT architecture, industry trends and direction, system and technology integration, and IT standards, procedures and policies, and emerging technologies

- Extensive knowledge of technical troubleshooting

- Working knowledge of IT systems management including change control, software process improvement, and technical writing/documentation

- Working knowledge of information security architecture, security technologies, administration, audits, and network and internet security

- Working proficiency of various offensive security tools

- Ability to work cooperatively and professionally with co-workers, customers, and management

- Strong verbal and written communication skills

- Significant experience identifying security vulnerabilities for the company's networks, application systems, hardware infrastructure and emerging technologies to improve the enterprise information security posture

- Ability to present complex material in a digestible, consumable manner to all levels of management

- Strong ability to create proof of concepts from discovered potential vulnerabilities

- Ability to manage complex security scenarios and develop innovative solutions to address the most recent cyber threats


If there’s anything we can do to accommodate a disability during any portion of the application or hiring process, please refer to our disability accommodations for applicants.

Benefits: 

Our approach to benefits and total rewards considers our team members’ whole selves and what may be needed to thrive in and outside work. That's why our benefits are designed to help you and your family boost your health, protect your financial security and give you peace of mind. Our benefits include the following (some may vary based on role, location or hours):

  • Healthcare (medical, dental, vision)

  • Basic term and optional term life insurance

  • Short-term and long-term disability

  • Pregnancy disability and parental leave

  • 401(k) and employer-funded retirement plan

  • Paid vacation (from two to five weeks depending on salary grade and tenure)

  • Up to 11 paid holiday opportunities

  • Adoption assistance

  • Sick and Safe Leave accruals of one hour for every 30 worked, up to 80 hours per calendar year unless otherwise provided by law

EEO is the Law

U.S. Bank is an equal opportunity employer committed to creating a diverse workforce. We consider all qualified applicants without regard to race, religion, color, sex, national origin, age, sexual orientation, gender identity, disability or veteran status, among other factors. Applicants can learn more about the company’s status as an equal opportunity employer by viewing the federal KNOW YOUR RIGHTS EEO poster.  

E-Verify

U.S. Bank participates in the U.S. Department of Homeland Security E-Verify program in all facilities located in the United States and certain U.S. territories. The E-Verify program is an Internet-based employment eligibility verification system operated by the U.S. Citizenship and Immigration Services. Learn more about the E-Verify program.

The salary range reflects figures based on the primary location, which is listed first. The actual range for the role may differ based on the location of the role. In addition to salary, U.S. Bank offers a comprehensive benefits package, including incentive and recognition programs, equity stock purchase, 401(k) contribution and pension (all benefits are subject to eligibility requirements). Pay Range: $116,280.00 - $136,800.00 - $150,480.00

Job postings typically remain open for approximately 20 days from the posting date listed above; however, the job posting may be closed earlier should it be determined the position is no longer required due to business need. Job postings in areas with a high volume of applicants, such as customer service, contact center, and Financial Crimes investigations, remain open for approximately 5 days from the listed posting date.