Job description
Job Reference #
City
Job Type
Your role
The ideal candidate will be responsible for executing Red Team Testing activities including security knowledge development under the supervision of a senior Red Team Testing lead. The role will be located in the US and reporting into the global CIS Attack Testing Team, part of the Cyber & Information Security (CIS).
Duties & Responsibilities include:
- Work with Cyber Threat Intelligence function to develop red team scenarios consistent with real attacks as well as business lines understanding their threats
- Work with Security Operations function to ensure a smooth execution of testing activities (e.g. red/purple teaming, competitive cyber games, etc.)
- Plan and execute red-team exercises by replicating, in a safe way, the tactics, techniques and procedures of threat actors, including periodic reporting of progresses to stakeholders
- Develop and submit detailed reports of findings, analysis and recommendations
- Coordinate Red Team operational briefings and presentations to non-technical audience and executive management, as required
- Provide Information and Cyber Security technical expertise to the CIS Attack Testing Team and to the Cyber & Information Security (CIS) function overall.
Your team
Your expertise
- several years experience with increasing responsibility in Information Technology, Information and Cyber Security and Compliance that includes a combination of hands on/technical and project leadership skills
- solid experience executing penetration testing / red team testing assessments of high-consequence systems (including execution of CBEST/ iCAST exercises and alike)
- in depth knowledge of enterprise architectures and operations
- detailed and up-to-date knowledge of threat and vulnerability management techniques and tools
- strong knowledge of e.g. OSI Model, MITRE ATT&CK Framework, Firewalls, IDS/IPS, Web Proxies and DLP amongst other
- well versed in a wide range of security tools like Burp, Nessus, Metasploit, Empire, Cobalt Strike, etc. and familiarity with common reconnaissance, exploitation, and post exploitation frameworks
- an inquisitive mind and passion for security researching
- knowledge of exploit crafting/handling/development, malware packing, delivery and obfuscation/evasion techniques
- ability to automate tasks using a scripting language (Python, Perl, Ruby, etc)
- strong knowledge of networking protocols and packet analysis
- able to operate at an advanced level of written and spoken communication in English; write and speak effectively with impact
- strong project management skills
Desired Background:
- B.Sc. / M.Sc. in Computer Science, Computer Engineering, Information Security or equivalent
- ISC2 Certified Information System Security Professional (CISSP)
- One or More certifications related to Red Team Qualifications / and or Cyber Security such as:
- CREST Certified Simulated Attack Manager (CCSAM) or CREST Certified Simulated Attack Specialist (CCSAS) – Highly preferred
- Offensive Security (OSCE, OSCP)
- CREST Registered Penetration Tester
- GIAC Exploit Researcher and Advanced Penetration Tester (GXPN), GIAC Penetration Tester (GPEN), GIAC Web Application Penetration Tester (GWAPT)
- Certified Ethical Hacker (CEH)
- CompTIA PenTest+
- GIAC Penetration Tester (GPEN)
- Offensive Security Certified Professional (OSCP)
- Certified Penetration Tester (CPT)
- Systems Security Certified Practitioner (SSCP)
- CompTIA Advanced Security Practitioner (CASP+)
- GIAC Certified Incident Handler (GCIH)
- Certified Information Systems Security Professional (CISSP)
- Certified Information Systems Auditor (CISA)
- Certified Information Security Manager (CISM)
#LI-Hybrid
About us
With more than 70,000 employees, we have a presence in all major financial centers in more than 50 countries. Do you want to be one of us?
How we hire
Join us
From gaining new experiences in different roles to acquiring fresh knowledge and skills, we know that great work is never done alone. We know that it's our people, with their unique backgrounds, skills, experience levels and interests, who drive our ongoing success. Together we’re more than ourselves. Ready to be part of #teamUBS and make an impact?
Disclaimer / Policy Statements