Senior Red Team Operator, Manager at Deloitte

Connect to your opportunity

• You will be leading a small team of Red Team Operators in the planning, execution, and reporting of Red Team engagements around the globe. This includes, but is not limited to:
  • Performing intelligence gathering against target networks, people, processes, and technologies.
  • Finding creative ways to obtain a foothold in a target network.
  • Delivering malware and establishing command and control (C2).
• Moving stealthily within target networks, satisfying the campaign objectives, while staying undetected by the blue teams.
• Establishing persistence and strategically tuning long-haul beacons to maintain long-term footholds where necessary.
  • Ensuring adherence to the Rules of Engagement during every step of the Red Team engagements.
  • Maintaining operational oversite of all actions conducted during Red Team engagements. Ensuring that every action is planned, executed, and logged properly at all times by every operator.
  • Maintaining in-depth documentation and auditing of actions taken during Red Team operations, at all times, for the purposes of deconfliction and non-repudiation.
• Identifying and acting on opportunities to train and mentor other members of the Red Team.
• Assisting in the management of the Red Team Attack Network and the implementation of new tools and techniques to improve the team’s tradecraft.
• Sharing your research within the Deloitte Global Red Team community, and with the broader security organization, by writing blogs, speaking at conferences, or publishing code.
• Developing operational processes, field manuals, and attack methodologies to continuously improve the quality of engagements and knowledge sharing amongst the team.
• Ensure deliverables meet the quality and timeliness expected of a world-class Red Team.
• Working closely with a wide variety of Deloitte’s industry leading information security teams to identify and reduce risk around the globe.

Connect to your skills and professional experience

Essential

• Solid experience of Red Team
• A deep understanding of threat actor tactics, techniques, and procedures (TTPs).
• Experience with, and a deep understanding of, digital forensics and incident response capabilities and procedures.
• Experience with leading Red Team Operations against companies and their associated people, processes, and technologies.
• The ability to create, update, and maintain documentation ranging from Red Team TTPs to governing documentation as needed.
• Experience with enumerating and attacking Windows Active Directory and Azure EntraID environments.
• Experience leading the designing, building, maintaining, and utilization of covert C2 infrastructure in various cloud platforms and environments. Automation experience is a plus!
• Experience with modern malware development and obfuscation techniques.
• A deep understanding of enterprise security architecture and the associated security controls.
• A deep understanding of monitoring, detections, and indicators of compromise/attack, and the implications they have on covert Red Team Operations.
• Hands on experience working with industry leading Red Team tools like Cobalt Strike, Nighthawk C2, Bloodhound, Evilginx2, etc.

Other Qualifications

• Relevant certifications such as OSCP, OSCE, OSEP, OSED, OSEE, CRTP, CRTE, etc.
• Public examples of blogs, conference talks, and open-source tooling demonstrating your expertise.
• Experience:
  • operating against security products such as Microsoft Defender for Endpoint/Identity and CrowdStrike Falcon.
  • with Social Engineering (physical, phishing).
  • with Outflank OST.
  • automating infrastructure deployment with Ansible and Terraform.
  • leading red teaming efforts.
  • with fully remote positions.