Apply now »

Ethical Hacker / Application Security Expert - Red Team

Job Title: Application Security Expert - Red Team / Ethical Hacker

Department: Information Security / Cybersecurity

Reports To: Group CISO

 

Job Summary:

The Application Security Expert - Red Team / Ethical Hacker is a critical role responsible for proactively identifying and exploiting security vulnerabilities in our software applications throughout the entire Software Development Life Cycle (SDLC). Operating as a key member of the in-house Red Team, this role will focus on simulating real-world attacks, conducting advanced penetration testing, and providing actionable intelligence to strengthen our overall security posture.

 

Responsibilities:

  • Red Teaming & Attack Simulation:
    • Plan and execute realistic attack simulations against our web, mobile, and desktop applications to identify weaknesses and bypass security controls.
    • Develop and utilize custom exploits, tools, and techniques to mimic the tactics, techniques, and procedures (TTPs) of advanced threat actors.
    • Conduct social engineering campaigns to assess employee awareness and identify potential vulnerabilities.
  • Advanced Penetration Testing:
    • Perform in-depth penetration tests of applications, networks, and systems, using both automated tools and manual techniques.
    • Identify and exploit complex vulnerabilities, including those related to application logic, authentication, authorization, and data handling.
    • Develop detailed penetration test reports with clear and actionable recommendations for remediation.
  • Secure Code Review (Offensive Perspective):
    • Conduct code reviews from an offensive perspective, identifying potential vulnerabilities that could be exploited by attackers.
    • Provide developers with guidance on secure coding practices and vulnerability remediation techniques.
    • Develop and maintain secure coding guidelines and checklists.
  • Vulnerability Research & Exploit Development:
    • Stay up-to-date on the latest security threats, vulnerabilities, and exploit techniques.
    • Conduct vulnerability research to identify new and emerging threats.
    • Develop custom exploits and tools to test and demonstrate the impact of vulnerabilities.
  • SDLC Integration & Security Advocacy:
    • Collaborate with development teams to integrate security testing and red teaming activities into the SDLC.
    • Participate in design reviews and provide security guidance on application architecture and design.
    • Promote a security-conscious culture within the development organization.
  • Vulnerability Management (Validation & Verification):
    • Validate and verify the effectiveness of vulnerability remediation efforts.
    • Retest remediated vulnerabilities to ensure they have been properly addressed.
  • Security Tooling & Automation (Offensive Tools):
    • Evaluate, recommend, and customize offensive security tools and technologies.
    • Automate red teaming and penetration testing processes to improve efficiency and coverage.
  • Required Skills and Qualifications:

 

Education:

    • Bachelor's or Master's degree in Computer Science, Information Security, or a related field.

Experience:

    • 8+ years of experience in application security, penetration testing, red teaming, or a related field.
    • Demonstrable experience conducting advanced penetration tests and red team engagements.
    • Strong understanding of web application vulnerabilities (e.g., OWASP Top 10, SANS Top 25).
    • Experience with various penetration testing tools and frameworks (e.g., Metasploit, Burp Suite, Kali Linux).
    • Experience with exploit development and reverse engineering.
  • Technical Skills:
    • Expert proficiency in one or more programming languages (e.g., Python, Java, C, C++).
    • Strong understanding of web application architectures and technologies.
    • Deep understanding of network protocols and security concepts.
    • Familiarity with cloud security principles and practices (e.g., AWS, Azure, GCP).
    • Understanding of authentication and authorization mechanisms.
  • Certifications (Required/Preferred):
    • Offensive Security Certified Professional (OSCP) - Required
    • Certified Ethical Hacker (CEH) - Preferred
    • GIAC Web Application Penetration Tester (GWAPT) - Preferred
    • Offensive Security Certified Expert (OSCE) - Highly Preferred
    • Offensive Security Web Expert (OSWE) - Highly Preferred

Apply now »