Information Security Red Team Engineer
Love Where You Work•Provo, UT
1d
About The Position
The Red Team Engineer is responsible for simulating real-world cyberattacks to identify vulnerabilities and improve the organization’s security posture. This role involves penetration testing, exploit development, and vulnerability discovery to assess defenses across networks, applications, and physical environments. This position requires the ability to design solutions for vulnerabilities identified and collaboration with Blue Team to enhance detection and response capabilities.
Requirements
- Bachelor’s degree in Cybersecurity or related field or equivalent experience.
- OSCP, CEH, GIAC, CISSP, Security+
- Deep understanding of attack frameworks (e.g., MITRE ATT&CK), penetration testing methodologies, and exploit development.
- Knowledge of network protocols, operating systems, and application security.
- Familiarity with NIST CSF 2.0 or other cybersecurity frameworks.
- Understanding of financial institution risk and operations.
- Familiarity with regulatory and compliance requirements.
- Minimum three years of experience in offensive security, penetration testing, or a related field.
- Hands-on experience with tools such as Metasploit, Cobalt Strike, Burp Suite, and custom scripting.
- A demonstrated ability to work collaboratively with a broad range of constituencies essential.
- Strong problem-solving and critical-thinking skills.
- Ability to work under pressure and adapt to evolving attack scenarios.
- Excellent written and verbal communication for technical reporting and executive briefings.
Responsibilities
- Manage vulnerability scanning tools including recasting criticality based on the compensating controls and determining priority of remediation to meet SLAs.
- Conduct full-scope red team engagements, including reconnaissance, exploitation, and post-engagement reporting.
- Perform advanced penetration testing on networks, applications, cloud environments, and physical security systems.
- Develop and execute custom exploits and payloads to simulate sophisticated adversary tactics.
- Execute social engineering campaigns (phishing, vishing, physical intrusion) to test human security resilience.
- Assess and bypass security controls such as firewalls, IDS/IPS, and endpoint protection.
- Utilize OSINT techniques for reconnaissance and attack planning.
- Document findings and provide actionable remediation recommendations to stakeholders.
- Collaborate with Blue team to improve detection, response, and overall security posture.
- Stay current with emerging threats, zero-day vulnerabilities, and advanced attack techniques.
- Continuously improve detection, protection, and response processes to address evolving threats.
- Ensure compliance with regulatory requirements, maintain audit logs, and provide security reporting to leadership.
- Works a regular and predictable schedule.
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
Upload and Match Resume
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
