Senior Red Team Specialist
Security Irvine, California

As a member of the red team you provide the technical expertise required to carry out internal and external hacking exercises.  You will seek out and bring to light company crushing vulnerabilities in real world scenarios using any methods at your disposal.  From here you will create and provide presentations to executive management highlighting outcomes of the team’s operations with recommendations for remediation or mitigation.  

This is a position for highly driven autonomous security professionals that work well in a team-oriented environment.

Responsibilities

  • Plan and conduct attacks on internally or externally hosted applications and infrastructure on a global scale with an emphasis on critical functions.
  • Be flexible with regard to schedule to accommodate the most effect time to carry out attack campaigns depending on objectives defined.
  • Design and develop scripts, frameworks, tools, and the methods required for facilitating and executing complex attacks, emulating malicious actor behavior aimed at avoiding detection.
  • Review results of any operation in order to determine severity of findings and identify potential remediation or mitigation strategies.
  • Work in a fast-paced, tightly knit and coordinated team within a highly technical environment and have the willingness to learn new skills as required.
  • Compile and present comprehensive campaign results to process / system owners as well as senior leadership.
  • Create extensive documentation and be able to present your findings to the rest of the team or subject matter experts as necessary.
  • Define and develop agenda for training and educating employees on advanced exploits, tools and frameworks.
  • Research emerging technologies and exploitation methods relevant to the company.
  • Explore opportunities to discover previously unknown or undisclosed vulnerabilities.
  • Execute on your comprehensive knowledge and specialization in assigned area of skill in complex and challenging situations.
  • Possess and employ a high level of proficiency in one or more disciplines employed within the red team, such as web applications, system exploitation, network based attacks, reverse engineering, social engineering, etc.

Qualifications

  • Bachelor’s degree in Computer Science, Information Security, a related program, or equivalent work experience
  • A minimum of 6 years’ of professional experience in information security as a penetration tester, reverse engineer, researcher or threat analyst / IR team member
  • Able to operate at an advanced level of written and spoken communication
  • Prior experience or expertise performing red team operations

Disciplines / Specializations Preferred

  • High level of knowledge in application, system and network exploitation or enumeration techniques utilized today ranging from injection, privilege escalation, buffer overflows, fuzzing, scanning, and anything else a minion of Diablo would perform
  • Experience with writing and demonstrating proof of concept work from an exploitation or attack perspective
  • Capable to create and employ modules and tailored payloads for common testing frameworks or tools
  • Extensive understanding of cryptography, its role in the enterprise, and its strengths as well as weaknesses
  • Knowledge of tactics, techniques, and procedures that could be used for recon, persistence, lateral movement, and exfiltration
  • Programming exposure and familiarity with languages such as C /C# / C++, Java, or Assembly
  • Proficiency in one or more scripting languages, e.g. Perl, Python, PowerShell or shell scripting
  • Prior experience with reverse engineering, malware analysis, and forensic tools
  • Solid understanding of networking topologies, protocol usage, and enterprise hardware including switches, routers, firewalls and their roles in security
  • Knowledge of access control methodologies, network / host intrusion detection, vulnerability management tools, patch management tools, penetration testing tools, and AV solutions
  • Knowledge or experience in infiltration of physical systems such as lock picking, social engineering, and hardware authentication bypass
  • Experience with hardware hacking or building custom hardware for the purpose of exploitation

Required Application Materials

  • Resume
  • Cover Letter (optional) which should include:
      • Why you are interested in working at Blizzard
      • What games you are currently playing

Blizzard Entertainment is a global company committed to growing our employees along with the business. We offer generous benefits and perks with an eye on providing true work / life balance. We’ve worked hard to foster an intensely collaborative and creative environment, a diverse and inclusive employee culture, and training and opportunity for professional growth. Our people are everything. Our core values are real, and our mission has never changed. We are dedicated to creating the most epic entertainment experiences...ever. Join us!

Blizzard Entertainment is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, gender expression, national origin, protected veteran status, or any other basis protected by applicable law, and will not be discriminated against on the basis of disability.

Accommodation Request: We are committed to working with and providing reasonable assistance to individuals with physical and mental disabilities. If you are a disabled individual requiring an accommodation to apply for an open position, please email your request to talentacquisition@blizzard.com. General employment questions cannot be accepted or processed here. Thank you for your interest.

Note to Recruiters and Placement Agencies: We do not accept unsolicited agency resumes. Please do not forward unsolicited agency resumes to our website or to any of our employees. We will not pay fees to any third party agency, outside recruiter or firm without a mutually agreed-upon contract and will not be responsible for any agency fees associated with unsolicited resumes. Unsolicited resumes received will be considered our property and will be processed accordingly.