Offensive Security Engineer

About Globals:

Globals has drastically grown from a small home office to a globally recognized enterprise offering world-class quality solutions on Cybersecurity, ERP Systems, Predictive Analytics, and Enterprise Application Development for various industries including Defence, Education, Government, Financial Services and Transport Industries. Globals has enabled its customers to be game-changers in their industry through its disruptive and innovative solutions.

Globals is certified as a "Great Place to Work" organization for its great work culture that helps its team members manage work-life, have dedicated hours to upskill and reskill themselves, and most important to ensure that the projects that they are working on are always unique, challenging their status quo every time. Our unique work culture has made us one of the world’s fastest-growing technology companies as recognized and featured by The Economist.

Our excellence in technical stewardship and service-offering expertise has facilitated our clients ranging from individual entrepreneurs to Fortune Global 500 – to explore new business opportunities, reduce their operational costs significantly and boost their revenues. Today, Globals enjoys a strong position in the industry as a high-performing leader through its technology innovation and remarkable domain expertise.

Globals is a CMMI Level 3 certified company.

About the Job Role:

As an Offensive Security Engineer (Red Team Consultant), you will work with a team to perform various types of security testing on Network Infrastructure and Web Application of our clients to identify and propose solutions for security issues. In addition, you will work with clients to propose security controls for long-term solutions. You will research on vulnerabilities on our client’s networks and web applications, and perform network penetration testing and web application security assessments and other highly technical engagements across a variety of client industries. Also, recommend and implement improvements to testing processes methodologies. Write comprehensive reports and deliver presentations for technical and non-technical audiences, including executives and stakeholders.

Key Responsibilities:

  • Perform penetration tests on network infrastructure, systems, and applications to identify exploitable vulnerabilities and potential security risks.
  • Mimic real-world cyber-attack scenarios to assess the organization's defense capabilities and security posture.
  • Assessment of functionality and capabilities of Security Devices, including firewalls, IDS and IPS, antivirus, EDR, web content filtering, Email Gateway Security, Data Prevention Protection, etc.
  • Good understanding of network security, DDoS attack infrastructures, and ISP defense mechanism.
  • Physical & Wireless security assessments of our clients diverse locations.
  • Employ common testing frameworks in your projects, such as the MITRE ATT&CK framework.
  • Planning and executing red team engagements/activities, including scoping, objectives, and timeline.
  • Document and catalog your findings discovered during assessments. Research new and novel tactics, techniques, and procedures that may be used to gain inappropriate access to user data.
  • Incorporate Threat Intelligence research to track APT trends and help our partners test their environments against new and emerging threats.
  • Developing, extending, or modifying exploits, shell code, or exploit tools.
  • Work with Incident Response, Product Security, and other security partners to align remediation efforts that best protect the company.

Requirements & Skills:

  • Minimum experience of 2+ years in Offensive Security / Red Team or related positions.
  • Know your way around on any kind of Operating System (*nix, MacOS, Win).
  • Know your way around stateful network operations and have solid experience with network mapping tools such as Nmap.
  • Knowledge of Active Directory and Windows Security.
  • Good understanding of the most common C2 Frameworks.
  • Experience with cloud-based environments (GCP, AWS, ABC, etc.).
  • Experience with container-based environments. Stay current with the latest threats and vulnerabilities.
  • Good to have making contributions to the security or privacy community, such as public research, blogging, presentations, bug bounties, CVEs, etc. is a big plus.
  • Experience translating technical concepts into language that is understood by software engineers, technical, non-technical, and executive client stakeholders through written reports and verbal presentations.
  • Detailed knowledge of global cyber threats, threat actors, and the tactics, techniques, and procedures used by cyber adversaries, specifically those targeting the e-commerce sector.
  • Being an Agile minded team player.
  • Ability to effectively plan, schedule and adapt to changing priorities, tasks, and requirements to meet deadlines.
  • Eagerness on self-improvement, open-minded, future-orientedHaving excellent communication skills.
  • Good command of written and spoken English.
  • Relevant certification(s) from Offensive Security, eLearnSecurity or SANS Institute is a big plus.