Cyber Red Team Operator

At BBH we value diverse backgrounds, so if your experience looks a little different from what we've outlined and you think you can bring value to the role, we will still welcome your application!

What You Can Expect At BBH :

If you join BBH you will find a collaborative environment that enables you to step outside your role to add value wherever you can.

You will have direct access to clients, information and experts across all business areas around the world. BBH will provide you with opportunities to grow your expertise, take on new challenges, and reinvent yourself without leaving the firm.

We encourage a culture of inclusion that values each employee’s unique perspective. We provide a high-quality benefits program emphasizing good health, financial security, and peace of mind.

Ultimately we want you to have rewarding work with the flexibility to enjoy personal and family experiences at every career stage.

Our BBH Cares program offers volunteer opportunities to give back to your community and help transform the lives of others.

Cyber Red Team Operator

The Cyber Red Team Operator will be responsible for the execution of Red Team assessments to improve the security posture of BBH.

The Red Team Operator plans and executes Red / Purple Teaming events, Penetration Tests, Vulnerability Assessments, and Control Validations.

This position will be required to effectively operate under Red Team procedures / controls to identify vulnerabilities across the BBH environment.

PRINCIPAL RESPONSIBILITIES

Red Team Activities

• Execute Red Team activities to include scope development, planning, execution, data collection, reporting, and remediation support
• Conduct risk assessments of vulnerabilities identified and write reports to facilitate the mitigations and remediations needed to improve BBH security posture
• Understand and implement BBH Red Team Operating Standard and conditional Rules of Engagement in accordance with regulatory guidelines and best practices
• Lead collaboration and brief results with security architecture, development, network, server, and web teams to mitigate or remediate security weaknesses as well as provide prevention and detection recommendations for cyber threats.

Monitor the resolution of vulnerabilities with application and system owners and escalate identified security vulnerabilities when required

Participate in Cyber Tabletop Exercises as a subject matter expert for adversary behavior, intent, and TTPs

Technical Management

• Maintain an understanding of adversary Tactics, Techniques, and Procedures (TTPs) and how to best emulate adversary behavior for Red Team Activities.
• Recommend and manage configurations of Red Team tools and Attack Simulation Tools.
• Assist with the execution of Consultant Penetration Testing of the firm’s cyber security posture.

KNOWLEDGE, SKILLS AND ABILITIES

8 to 10 years of relevant experience in four or more of the following areas :

• Red Team Operations and Penetration Testing
• Network security assessments
• Web application vulnerability identification
• Designing and Implementing Red Team security controls
• Offensive Security
• Malware analysis and remediation
• Security Incident Response

Knowledge & technical skills :

• Expertise with security assessment methodology, vulnerability management, OWASP model, CVE ratings
• Experience with Red Team tools and attack simulation tools
• Ability to read web and application server logs to identify vulnerabilities
• Scripting / coding experience to prepare attack code
• Knowledge / ability to classify the severity of vulnerabilities
• Experience preparing Red Team reports
• Familiarity in cyber security forensics is a plus

Other requirements (licenses, certifications, specialized training, physical or mental abilities required)

• Offensive Security Certified Professional (OSCP)
• Certified Information Systems Security Professional (CISSP) a plus
• Network+ certification a plus

After hours & Weekend work required

We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, age, genetic information, creed, marital status, sexual orientation, gender identity, disability status, protected veteran status, or any other protected status under federal, state or local law.