Loading...
Share this Job
Location: 

Bangalore, KA, IN

Expert Red Team Specialist

 


About Swiss Re
 

Swiss Re is one of the world’s leading providers of reinsurance, insurance and other forms of insurance-based risk transfer, working to make the world more resilient. We anticipate and manage a wide variety of risks, from natural catastrophes and climate change to cybercrime.

At Swiss Re we combine experience with creative thinking and cutting-edge expertise to create new opportunities and solutions for our clients. This is possible thanks to the collaboration of more than 13,000 employees across the world.

We offer a flexible working environment where curious and adaptable people thrive. Are you interested in joining us?

 

About Swiss Re
The Swiss Re Group is one of the world’s leading providers of reinsurance, insurance and other forms of insurance-based risk transfer, working to make the world more resilient. It anticipates and manages risk – from natural catastrophes to climate change, from ageing populations to cybercrime. The aim of Swiss Re is to enable society to thrive and progress, creating new opportunities and solutions for its clients. Headquartered in Zurich, Switzerland, where it was founded in 1863, and operates through a network of around 80 offices globally. It is organized into three Business Units (with thousands of digital products), each with a distinct strategy and set of objectives contributing to the Group’s overall mission.

 

About the role:
Do security questions, new adversarial approaches, and technical solutions to technical attacks excite you? As part of our security program, we are rapidly growing our internal Red Teaming Service to support Swiss Re in continuously challenging and thus strengthening the protection of the confidentiality, integrity, and availability of client data, intellectual property, and IT assets.
For this service we are looking for very experienced security enthusiasts with great technical skills and constant eagerness to learn and broaden his/her knowledge in the areas of security penetration testing and red teaming. The candidate should indicate expertise to perform simulated security assessments and improve defensive capabilities. Bringing back engineering culture to the organization, we would love to have you join us in making the world more resilient!
Your responsibilities will include:
• Plan and scope the Red Teaming Operations and appropriately involve and engage the project partners
• Create detailed engagement plans and emulate adversary TTPs
• Perform simulated security testing against corporate web applications, networks and infrastructure (Windows and *nix)
• Develop tools, scripts and methods to improve Swiss Re's internal Red Team tradecraft
• Create reports in an appropriate style and language for the different project partners
• Work closely with the defense engineering teams ("Blue Team") to discuss areas for improvement
• Drive the remediation of the findings utilizing the given environment and processes
• Assist with incidence response activities in the Chief Security Organization

 

About you:
• Several years of experience in conducting deep technical security tests (e.g. penetration tests) for various platforms and applications
• You've spent at least 2-3 years of work experience in similar roles
• Proficient in adversary focused techniques e.g. OSINT, phishing, defense evasion, and post exploitation
• Up to date with current TTPs, exploits, and tools
• Scripting experience (Python, Perl, PowerShell, etc.)
• Good communication and writing skills; proficiency in English is a requirement, other languages are a plus
• Strong analytical and problem-solving skills and the ability to explain complex technical concepts in a clear and concise manner and to provide remediation recommendations
• Sound understanding of security frameworks (MITRE ATT&CK, OWASP Top 10, NIST)
• Development, programming or penetration testing background
• OSCP certification is required
• One of the following certifications is a plus: OSCE, OSEE, CRTO, SANS GWAPT, SANS GPEN, SANS GMOB or SANS GXPN (or a similar technical certification)
• Knowledge of / or experience with both COTS or open-source offensive security tools for reconnaissance, scanning, exploitation and post-exploitation (e.g. Cobalt Strike, Metasploit, Burp Suite, Nmap, etc.).
• Client centric service: You are aware of the importance of internal and external clients. You are passionate about understanding the needs and goals of our clients and enjoy working with them to meet these. You focus on delivery, achieving outcomes and providing high quality service and documentation on technical findings.
• You are proficient in security in all cloud contexts and you are comfortable with operating in a regulated industry.
• You frequently participate in community events through talks and related engagements.

 

We are an equal opportunity employer and value diversity at our company. We do not discriminate based on race, religion, colour, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
We see you as a curious person with creativity to develop new attack vectors and techniques and "break things" in combination with a strong desire to make Swiss Re more secure day by day!


Keywords:  
Reference Code: 100684