Manager, Cyber Adversarial Emulation

Ensign is hiring !

Manager, Security Testing and Red team

Requirements:

• Familiar with cyber security principles, policies and industry best practices
• Experienced in consulting, including internal and client facing experiences
• Possess relevant cybersecurity certifications or accredited experience from CTF
• Ability to travel overseas when required
• Familiar with system administration on various operating systems flavours (Linux and Windows)
• Familiar with programming/scripting languages such as .NET, Python, Bash and PowerShell
• Understand and apply the Cyber Kill Chain
• Good understanding with Active Directory and Windows environment

Preferred Qualifications/Skills

• Experienced with tools such as Bloodhound, TinyShell and the likes
• Cyber Security Certifications (e.g. OSCP, SEC564, SEC660, CREST)
• Minimum of 5 to 8 years in the role of Penetration Tester
• Ability to think unconventionally, disruptively and like an adversary

He/She is expected to lead multiple engagements, orchestrating and supporting his teams to deliver on agreed objectives. The lead will be expected to work in challenging environments and deliver under pressure, while maintaining good working relationships with customers. The role focuses on competence in technical delivery but requires an aptitude for consultancy and management. He/she will be required to manage and mentor the pentest team.

Duties & Responsibilities:

• Plan and execute complex Penetration tests.
• Lead Project Delivery in planning and arranging pentest activities, assigning personnel and managing workloads.
• Deliver both technical and management engagement presentations.
• Maintain a good working knowledge of threat actors and their Tactics, Techniques and Procedures (TTP’s).
• Co-ordinated delivery of risk workshops, Threat Intelligence handover and project setup meetings with customers.
• Create robust and coherent test plans, or provide quality assurance of any test plans.
• Maintain a proficient knowledge of regulatory frameworks, laws and there legal implications, operational security and its impacts on the team.
• Support the sales team in procurement of pentest services:
• Responding to RFP's and other proposals.
• Presales to support the effective communication of the pentest service and set appropriate expectations.
• Onsite presentation of pentest service to executive level audiences.
• Regular training provided to the sales team to upskill the knowledge of the pentest service and current terminology.
• Reporting: Create high quality and thorough technical and management reports, which are appropriately directed to their intended audience.
• Providing Quality Assurance services, confirming either the relevant technical or management quality, as well as the report being coherent and written to a high standard.
• Coach and mentor pentest members, providing support to all aspects of the job, technical, procedural and social.
• Maintain the pentest methodology and supporting documentation/processes.
• Strong leadership, managing a team of testers, assigning workload and utilising the different skillsets to achieve objectives.
• Maintain a focus on client objectives and have the ability to manage time and client expectations.
• Develop brand reputation across the industry, this could be in the form of training, workshops, conference talks or blogs.

Skills/Experience Required

• 5 year experience in leading and technical delivery of complex pentest engagements.
• Strong technical, social and presentation skills.
• Strong influence, negotiation and relationship management skills.
• Good written and speaking English skills.
• Analytical/problem solving skills.
• Ability to lead, teach, present and inspire the wider team.
• Highly proficient with multiple C2 frameworks and capable of modifying or creating tooling to overcome technical challenges.
• Offensive Security OSCP, OSCE & CREST CCSAM, CCSAS or equivalent level of IT Security related certification/knowledge.
• Knowledge and experience in scripting or programming languages (ex. Python, Perl, Ruby, PowerShell, C, C#, Java) in order to develop custom scripts or tools.
• Knowledge of adversary tactics and threat modelling.
• Understanding of global regulatory landscape for technology and cyber risk.