As an individual contributor on our purple team with a penetration testing and security advisory skillset, you'll have a broad set of responsibilities (the mix will depend on your interests and skill level), including:
Prepare and execute purple team exercises and/or penetration testing projects individually for Singapore projects
Create, develop, and implement tactics, techniques, and procedures (TTPs)
Develop novel attack vectors based on newly discovered vulnerabilities
Develop home-grown software solutions and utilities for computer network attack (CNA) and computer network defense (CND)
Apply industry standards and best practices including the Penetration Testing Execution Standard (PTES) and the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) Framework
Manage penetration testing services performed by outside vendors
Perform red teaming of our security measures for both our employee IT and production assets
Perform penetration testing of our employee IT and production assets, including our applications and internal production services
Conduct security consultancy, including security risk assessment, source code review, compliance scans and security advisory, when required by customers.
Requirements
Demonstrated ability to:
Identify vulnerabilities in web apps and web APIs by means of manual source code review, static code analysis, and/or fuzzing using tooling such as Burp Suite
Identify vulnerabilities in Windows/Linux/macOS software by means of manual source code reviews, static code analysis, and/or fuzzing with tools such as AFL
Perform operating system security assessments and reviews of hardening controls
Advanced experience writing in languages such as Python, Bash, or Golang
Interested in writing custom tools, wrappers, C2 infrastructure and agents to support internal red team and penetration testing capabilities
Advanced knowledge of:
Windows, Linux, ChromeOS, and macOS
Implants, shells, Command and Control (C2) infrastructure
TCP/IP, IDS/IPS, firewalls, WAF, and web content filtering
Crypto: PGP, SSH, PKI
Network equipment such as Cisco, Palo Alto, and Juniper