As a member of the red team you provide the technical expertise required to carry out internal and external hacking exercises. You will seek out and bring to light company crushing vulnerabilities in real world scenarios using any methods at your disposal. From here you will create and provide presentations to executive management highlighting outcomes of the team’s operations with recommendations for remediation or mitigation.
This is a position for highly driven autonomous security professionals that work well in a team-oriented environment.
- Plan and conduct attacks on internally or externally hosted applications and infrastructure on a global scale with an emphasis on critical functions.
- Be flexible with regard to schedule to accommodate the most effect time to carry out attack campaigns depending on objectives defined.
- Design and develop scripts, frameworks, tools, and the methods required for facilitating and executing complex attacks, emulating malicious actor behavior aimed at avoiding detection.
- Review results of any operation in order to determine severity of findings and identify potential remediation or mitigation strategies.
- Work in a fast-paced, tightly knit and coordinated team within a highly technical environment and have the willingness to learn new skills as required.
- Compile and present comprehensive campaign results to process / system owners as well as senior leadership.
- Create extensive documentation and be able to present your findings to the rest of the team or subject matter experts as necessary.
- Define and develop agenda for training and educating employees on advanced exploits, tools and frameworks.
- Research emerging technologies and exploitation methods relevant to the company.
- Explore opportunities to discover previously unknown or undisclosed vulnerabilities.
- Execute on your comprehensive knowledge and specialization in assigned area of skill in complex and challenging situations.
- Possess and employ a high level of proficiency in one or more disciplines employed within the red team, such as web applications, system exploitation, network based attacks, reverse engineering, social engineering, etc.
- Bachelor’s degree in Computer Science, Information Security, a related program, or equivalent work experience
- A minimum of 6 years’ of professional experience in information security as a penetration tester, reverse engineer, researcher or threat analyst / IR team member
- Able to operate at an advanced level of written and spoken communication
- Prior experience or expertise performing red team operations
Disciplines / Specializations Preferred
- High level of knowledge in application, system and network exploitation or enumeration techniques utilized today ranging from injection, privilege escalation, buffer overflows, fuzzing, scanning, and anything else a minion of Diablo would perform
- Experience with writing and demonstrating proof of concept work from an exploitation or attack perspective
- Capable to create and employ modules and tailored payloads for common testing frameworks or tools
- Extensive understanding of cryptography, its role in the enterprise, and its strengths as well as weaknesses
- Knowledge of tactics, techniques, and procedures that could be used for recon, persistence, lateral movement, and exfiltration
- Programming exposure and familiarity with languages such as C /C# / C++, Java, or Assembly
- Proficiency in one or more scripting languages, e.g. Perl, Python, PowerShell or shell scripting
- Prior experience with reverse engineering, malware analysis, and forensic tools
- Solid understanding of networking topologies, protocol usage, and enterprise hardware including switches, routers, firewalls and their roles in security
- Knowledge of access control methodologies, network / host intrusion detection, vulnerability management tools, patch management tools, penetration testing tools, and AV solutions
- Knowledge or experience in infiltration of physical systems such as lock picking, social engineering, and hardware authentication bypass
- Experience with hardware hacking or building custom hardware for the purpose of exploitation
Required Application Materials
- Cover Letter (optional) which should include:
- Why you are interested in working at Blizzard
- What games you are currently playing
Blizzard Entertainment is a global company committed to growing our employees along with the business. We offer generous benefits and perks with an eye on providing true work / life balance. We’ve worked hard to foster an intensely collaborative and creative environment, a diverse and inclusive employee culture, and training and opportunity for professional growth. Our people are everything. Our core values are real, and our mission has never changed. We are dedicated to creating the most epic entertainment experiences...ever. Join us!
Blizzard Entertainment offre les mêmes chances à tous ses employés, indépendamment de leur couleur, religion, sexe, identité sexuelle, orientation sexuelle, nationalité, handicap ou tout autre critère discriminatoire pénalement répréhensible.
Demande relative à l’accessibilité : nous avons à cœur d’accueillir des personnes en situation de handicap physique et mental au sein de notre entreprise, tout en veillant à leur fournir une aide suffisante. Si tel est votre cas et que vous souhaitez effectuer une demande relative à l’accessibilité en vue de postuler pour une offre d’emploi, veuillez envoyer un message à l’adresse firstname.lastname@example.org. Veuillez noter que nous ne serons pas en mesure d’accepter ou de traiter les questions d’ordre général au sujet de l’emploi envoyées à cette adresse. Merci de l’intérêt que vous portez à notre entreprise.
Remarque destinée aux cabinets et agences de recrutement : nous n’acceptons pas de CV non sollicités, il est inutile de nous les faire suivre. Nous ne paierons pas non plus d’agence tierce, de recruteurs ni de firmes sans avoir au préalable signé un contrat, et déclinons toute responsabilité quant aux sommes éventuellement réclamées pour la réception de CV non sollicités. Ces derniers seront considérés comme notre propriété et seront traités en conséquence.