Cyber Red Team Specialist

Deloitte - Tampa, FL4.0

Full-time
About Deloitte & Touche
Deloitte & Touche LLP's ("Deloitte & Touche's") Risk and Financial Advisory business has a mature risk-based approach, experienced professionals, comprehensive methodologies, and highly technical resources. Deloitte & Touche's services combine competency and experience in the areas of financial reporting, risk management, and compliance.

In the world of professional services, the strength of Deloitte & Touche can be seen by the quality of our clients, which include leading companies across many different industries. With several years in business, Deloitte & Touche has built a reputation for quality and trust and has helped many clients navigate a wide range of challenges. To help our clients succeed, we look beyond tactical information security issues, focusing on how information security mitigates risk, impacts the business and how this aligns with or distracts from company goals. We are able to do this because our highly qualified professionals are passionate about information security and bring real-world knowledge and experience to our clients.

As a leader in Information Security, it is not surprising that our Threat and Vulnerability Management – Adversarial Simulation group is experiencing rapid growth. This is due to the success of and demand for our highly innovative services in the areas of security assessment, social engineering, advanced threat defense, application security and forensics, etc. These services are shaping how our clients manage today’s advanced security threats and have the potential to set the standard for the future.

Adversarial Simulation
As it becomes increasingly difficult to detect infiltrations and unauthorized activity, organizations need to be prepared for the highly sophisticated attacks they may face. Our Adversarial Simulation service professionals leverage deep experience with attack simulation to help clients qualify and quantify the risk and impact of vulnerabilities across the attack surface – including people, processes, and implemented technologies. Our team provides expertise in the areas of red teaming, penetration testing, attack simulation automation, vulnerability assessment, and attack threat profiling.

Job Description
Sophisticated attacks look further than the Cyber aspects to identify weak links to confidential information. These links often remain unidentified by regular tests. “Red Team Operations” allow an organization to assess the Cyber readiness and awareness through scenario based controlled incidents.

Red Teaming goes above and beyond vulnerability testing, as it takes all components within the organization in scope and has a realistic scenario-based approach. It enhances Testing, GRC and Audit work. We are looking for experienced security professionals for our Threat and Vulnerability Management – Adversarial Simulation group. For the past 15 years, Deloitte & Touche has had a successful practice helping Fortune 500 clients perform vulnerability assessments, penetration testing, and adversarial simulation (red team operations) in order to identify potential security issues before they are exploited by the adversary. Due to the sensitive nature of this type of testing, many clients have come to rely on Deloitte & Touche based on the reputation for professionalism, capability and quality that Deloitte & Touche has earned. Our security testing services have evolved, expanding beyond traditional network and application security testing to new testing techniques and models to deal with and identify advanced security attacks.

As a Red Team Operator, you will work together with a highly skilled and trained team in Red Team engagements for our clients. In these engagements, you will work to achieve specific objectives by covertly breaching the client’s network. We expect our operators to achieve these objectives as quietly as possible without raising alarms that result in detection by Blue Teams. Often, there are physical security objectives that must be met to gain access to the network at a client site. Since no environment is the same, we expect our Red Team Operators to be up-to-date with the latest exploits and potential attack strategies. The results of an exploit must be anticipated by the operator to prevent stability and availability issues to the environment. Our Red Team Operators almost exclusively test in Production environments. Furthermore, we expect you to be able to turn observations and weaknesses into specific, concrete improvement points. Periodically, you can also be asked to take part in traditional penetration testing assessments.

Consultancy Duties:
Perform red team assessments including physical, social engineering, and network exploitation
Perform internal and external penetration testing of network infrastructure and applications
Perform well controlled vulnerability exploitation/penetration testing on applications, network protocols, and databases
Perform network reconnaissance, OSINT, social engineering, and physical security reviews
Demonstrate advanced understanding of business processes, internal control risk management, IT controls and related standards
Identify and evaluate complex business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement
Assist in the selection and tailoring of approaches, methods and tools to support service offering or industry projects
Understand clients' business environment and basic risk management approaches
Demonstrate a general knowledge of market trends, competitor activities, Deloitte & Touche products and service lines
Generate innovative ideas and challenge the status quo
Build and nurture positive working relationships with clients with the intention to exceed client expectations
Facilitate use of technology-based tools or methodologies to review, design and/or implement products and services
Participate in and actively support mentoring relationships within practice