NB: Relocation to the Netherlands required!
What impact will you make?
As a Red Team specialist, you will work in a highly skilled team to perform various Red Team exercises for our international clients. Using your offensive skills you will covertly breach our clients’ networks and provide recommendations to strengthen the client’s security posture. To sharpen your skills, you will join the periodic Deloitte Global Red Team knowledge exchange sessions, follow trainings and perform research on the latest techniques and tools.
This is how
- finding creative ways to obtain a foothold in a client's network;
- applying an adversary mindset to simulate sophisticated actors and achieve project-specific objectives;
- stealthily move laterally, making sure not to trigger any alarms;
- performing research and develop your own tools and sharpen your tradecraft;
- sharing your research within the Deloitte Global Red Team community and with the broader security community, for example writing blogs, speaking at conferences, or publishing code;
- turning security weaknesses into tailored and concrete recommendations which you will present to clients;
- facilitating Purple Team workshops and training defensive teams of clients in to identify tactics, techniques and procedures (TTPs) used by adversaries.
What you offer
You have a passion for offensive security, finding creative ways to break into highly secured environments and laterally move to obtain access to the most critical systems. You do all of this staying under the radar of sysadmins and Blue Teams. Moreover, in case you run into new situations you are able to develop new tools and techniques to reach your objective.For the role of Red Team specialist, you also have:
- a Computer Science degree or similar;
- a passion for offensive security, Red Teaming and a drive to stay up-to-date with current attack techniques and new vulnerabilities;
- experience with technologies like WMI, WinRM, (Azure) AD and ability to script/program using e.g. PowerShell, C#, C, Python, Go, Nim, Bash for offensive purposes;
- experience setting up and using C2, working with tools like Cobalt Strike, Impacket, Mimikatz, Kekeo, Rubeus, socat and Sysinternals suite;
- proven track record of executing Red Team operations and advanced penetration tests in production environments;
- relevant security certifications are preferred, some examples: OSCP, OSEP, OSED, OSEE, CRTP, CRTE, etc.;
- excellent communication skills and fluency in written and spoken English.