Offensive Security Engineer
AB InBev
- יפו
- משרה קבועה
- משרה מלאה
- Participate in the planning, design, and implementation of Red Team operations and plans.
- Perform full scope Adversarial Simulation / Red Team assessments.
- Conducting vulnerability assessments and security audits to evaluate the effectiveness of existing security controls.
- Train and educate the Blue Team in order to invent new ways to defend the organization.
- Documenting findings and providing detailed reports to stakeholders, including recommendations for remediation.
- Research, investigate and evaluate emerging technologies, industry trends and best practices, and vendor solutions in order to be able to recommend and assess various security products.
- Assess the domain-specific tools needed to address business demand and requirements, producing associated estimates, documenting assumptions and resourcing requirements, and ensuring proposed solutions are aligned with relevant road maps.
- Providing training and guidance to other members of the security team.
- Adversarial mindset and critical thinking skills.
- 4+ years of hands-on penetration testing experience.
- 3+ years of hands-on experience conducting red team operations.
- Experience with various testing tools such as Metasploit, Nmap, Qualys, Nessus, Burp Suite, Tanium, Wireshark, TCPdump, etc.
- Experience with using, administering, and troubleshooting at least two major flavors of Windows, and Linux, including Ubuntu or RedHat.
- Experience with scripting and editing existing code and programming using one or more of the following: Perl, Python, Ruby, bash, C/C++, C#, or Java.
- Knowledge of open security testing standards and projects, including OWASP, or MITRE ATT&CK Framework.
- Knowledge of adversarial TTPs.
- Experience in testing and assessing cloud environments AWS / GCP / Azure.
- Deep knowledge of Active Directory.
- Excellent written and verbal communication skills. Experience working in complex, diverse, and global (international) environments.
- Comprehensive understanding of security methodologies, technologies, and best practices.
- Bachelor’s degree in computer science, information systems, or related field.
- Penetration testing certifications such as OSCP/E, OSEP, GPEN, CEH, and similar are always welcomed.
- Programming knowledge in Python, PHP, PowerShell, Java, Ruby, or other relevant languages.
- Security community participation (conference speaker, tool development contributor etc. )