|Company||White Oak Security|
|Preferred GIAC Certifications||GPEN, GWAPT, GXPN, GCFA|
|Contact Name||Christopher Emerson|
Staff Specialist – Threat Emulation
White Oak Security is seeking a Staff Specialist, for our Threat Emulation Services team, to deliver the firm’s service offerings around system-wide views of threat-driven risks and applying them to the testing of systems and services that the firm delivers.
The successful candidate will have a proven track record of leading and executing penetration tests, performing threat/adversary emulation within a passionate offensive security team and executing tactical, offensive assessments.
At White Oak Security, we love what we do, and we want to provide a place where talented professionals can thrive.
Our people are our first priority. We want our employees and their families to be happy — this has allowed us to bring together the best talent and drives everything we do.
We enjoy a caring and happy culture where people feel valued. It’s important that our team members enjoy what they do and have the curiosity to keep learning.
Our team values true depth of knowledge which translates into quality. We believe in delivering comprehensive solutions and actionable reports.
We want to do the right thing and offer services that do the most good. Our clients want someone they can trust with their sensitive data and who will support them through anything.
-Perform scoped and open-ended assessments on internal and external facing systems
-Perform threat and vulnerability research to identify new ways of achieving the program’s mission and act as a source for innovation within the cybersecurity industry
-Assisting in the sales process with potential or existing clients, and acting as a client’s primary program contact for projects delivered by White Oak Security’s Threat Emulation team
-Develop and implement tools that assist with execution of security assessments, including custom tools and automation
-Work with the customer Blue Team to identify gaps, address findings, and improve breach response
-At least 7 years of progressively responsible experience performing network and application security assessments and Cyber Red Team operations
-Prior experience should include one or more of the following:
--Executing application and/or network penetration tests
--Executing Red Team or Threat Emulation assessments
-Work collaboratively with a variety of internal and external stakeholders (security consultants, project managers, service managers, development teams, technical SME’s, vendors) to deliver high quality assessments
-Strong understanding of and experience with:
--Networking fundamentals (all OSI layers, protocols, etc.)
--Windows/Linux/Unix operating systems
--Operating system and software vulnerabilities and exploitation techniques
--Web and mobile application vulnerabilities and exploitation techniques
--Malware packing, obfuscation, persistence, exfiltration techniques
--Security technologies such as Firewalls, IDS/IPS, Web Proxies and DLP amongst others
--Commercial or open-source offensive security tools for reconnaissance, scanning, exploitation and post-exploitation (e.g. Nmap, Nessus, Metasploit, Burp Suite, etc.)
-Developing in house tools / scripts to improve delivery and facilitate testing operations
-Demonstrated leader with team-oriented interpersonal skills, with the ability to interface effectively upper management, IT leadership and technology vendors
-Ability to collaborate and build positive relationships across multiple stakeholders
-Agile thinking and analysis that leads to win-win and innovative solutions
-Strong written and verbal communication skills
-Calmness and clarity of thought under pressure and ability to maintain confidentiality
-Ability to prepare and present project ideas and proposals to senior management
-Understanding of financial sector, or other large organization, security and IT infrastructures
-Willingness to work non-standard hours, if necessary
-GIAC certification a plus, e.g. GPEN, GWAPT, GXPN, GCFA
-Top-tier Health Benefits
-401k + Match
-Profit Sharing (after 12 months)
-Training / Conference Budget
-Flexible Work Schedule
-Remote (Americas – United States of America)
-Depends on project requirements
- Christopher Emerson