Red Team Lead/Expert

Deloitte provides Technology & Transformation Services to nearly 90% of the Fortune Global 500® and thousands of private companies. Technology & Transformation services cover world class and innovative customer strategy & design, technology development & implementation and architecture design & technology strategy. Deloitte also has Strategy, Risk & Transactions, Audit & Assurance and Tax & Legal Services.

Our more than 460,000 professionals deliver measurable and lasting results that help reinforce public trust in capital markets, enable clients to transform and thrive, and lead the way toward a stronger economy, a more equitable society and a sustainable world. Building on its 175-plus year history, Deloitte spans more than 150 countries and territories.

Deloitte has 5 values to make an impact. These are; lead the way, serve with integrity, take care of each other, foster inclusion, collaborate for measurable impact.

We are currently looking for Red Team Lead/Expert with the following skills and experience;

Responsibilities;

• Performing, overseeing, improving and providing feedback on the services offered, i.e. Red Team, Purple Team etc.,
• Designing a program and creating Standard Operating Procedures, Rules of Engagement, Testing Methodologies,
• Conducting advanced penetration testing exercises (Network, Web Application, Mobile and Cloud),
• Working in various environments like Windows, Linux and MacOS, and an understanding of various attack paths and attack vectors in these environments,
• Identifying and exploiting vulnerabilities and misconfigurations,
• Reporting finding and developing pragmatic recommendations with the product ecosystem in mind,
• Developing, extending, or modifying exploits, shellcode, or exploit tools,
• EDR/XDR evasion, email sandbox evasion,
• Cloud based red team infrastructure creation and development,
• Ability to identify attack paths for lateral movement and privilege escalation,
• Reducing attack surface of the organization,
• Experience with offensive tools and platforms such as Kali Linux, Cobalt Strike, Metasploit, Covenant, Sliver,
• Bloodhound, Ghostpack, Nmap, Nessus, powershell, Massscan, EyeWitness, Burp Suite,
• Reverse engineering attack methods
• Open to travel as the need arises to perform testing on-site e.g. Data centers, office locations etc. (Estimated Frequency: once in 2-3 months).

What we are looking for;

• Bachelor's degree in a related area (must)
• 5+ years of industry experience (must)
• Industry certifications such as CRTP, CRTO, CRTE, CRTM, OSCP, OSEP, OSED, OSMR, OSEE, OSWE, OSWP, GPEN, GCIH, GWAPT, GDAT or GXPN,
• Contributions to the security community such as research, public CVEs, bug-bounty recognitions, open-source projects, blogs, publications, speaking at conferences etc.,
• Experience with infrastructure automation, server administration, TCP/IP networking, vulnerability identification and exploitation, vulnerability exploit code