Red Team Operator

Job Description

When you join Verizon

Verizon is one of the world’s leading providers of technology and communications services, transforming the way we connect around the world. We’re a human network that reaches across the globe and works behind the scenes. We anticipate, lead, and believe that listening is where learning begins. In crisis and in celebration, we come together—lifting up our communities and striving to make an impact to move the world forward. If you’re fueled by purpose, and powered by persistence, explore a career with us. Here, you’ll discover the rigor it takes to make a difference and the fulfillment that comes with living the #NetworkLife.

What you’ll be doing...

The Verizon Cyber Security (VCS) organization enables the business by protecting assets and information across Verizon networks, infrastructure and applications. VCS integrates cybersecurity governance, policies, technologies and operations across Verizon, and works to incorporate security into the design of technology systems and services.

Verizon Cybersecurity (VCS) is looking for a Red Team Operator to join our Enterprise Red Team. You will be responsible for leading and participating in the design and execution of red team campaigns testing, measuring, and improving people, process, and technology. Red Team campaigns are objective based security testing for Verizon, covering multiple types of targets. Successful applicants must be capable of evaluating environments, applications, systems and processes to discover weaknesses and leverage those discoveries into actionable real world attack strategies.

The successful candidate will possess an effective aptitude in thinking like an adversary, security of operating systems, networking and protocols, firewalls, databases and middleware applications, forensics, scripting and programing, phishing, and the ability to mentor and lead junior technical testers and effectively translate highly technical information to internal customers in a way that supports VCS and broader Verizon goals.

• The ability to lead and perform full scope Red Team testing; adversary simulation/emulation and threat simulation/emulation, social-engineering testing, and EDR/NDR/XDR evasion techniques.

• Ingest cyber threat intelligence to create procedure-level adversary emulation plans mapped to MITRE ATT&CK.

• Configure and safely utilize attacker tools, tactics, and procedures for Verizon environments.

• Develop comprehensive and accurate reports and presentations for both technical and executive audiences.

• Help define the Red Team strategy to further enhance the company’s security posture.

• Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel.

• Provide risk-appropriate and pragmatic recommendations to correct found vulnerabilities.

• Develop scripts, tools, or methodologies to enhance Verizon’s red teaming processes and tradecraft.

• Drives technical oversight and mentors less experienced staff during red team, response, and analysis efforts.

• Provides leadership and guidance to advance the offensive capabilities of the team and its subsequent ability to defend the Verizon Enterprise.

What we’re looking for...

You’ll need to have:

• Bachelor's degree or four or more years of work experience.

• Four or more years of relevant work experience.

• Two or more years experience in Adversary Emulation, Adversary Simulation, Threat Emulation, and/or Threat Simulation.

• Two or more years of experience utilizing tools such as Kali Linux, Metasploit, Burp suite, Cobalt Strike, Nessus, Web Inspect, C2 experience.

Even better if you have one or more of the following:

• Experience consuming Cyber Threat Intelligence, building emulation plans, and mapping the MITRE ATT&CK framework.

• Network penetration testing and manipulation of network infrastructure.

• Mobile, API, and/or web application assessments.

• Email, phone, or physical social-engineering assessments.

• Shell scripting or automation of simple tasks using Perl, Python, or Ruby.

• Developing, extending, or modifying exploits, shellcode or exploit tools.

• Source code review for control flow and security flaws.

• Experience with Red and Purple team exercises.

• A degree in a technical field.

• Solid understanding of blue team process and technologies (EDR, NDR, SIEM, data sources, threat hunting, etc).

• Solid understanding of common hosting environments such as containerization platforms (e.g., Docker and Kubernetes) and virtual machines running under hypervisors.

• An implementation level familiarity with all common classes of modern exploitation

• Thorough understanding of network protocols, data on the wire, and covert channels.

• Mastery of Unix/Linux/Mac/Windows operating systems, including bash and Powershell.

• Programming skills preferred and encouraged, as well as the ability to read and assess applications written multiple languages, such as JAVA, .NET, C#, or others.

• Industry certifications such as GXPN, GPEN, OSCP, OSCE, OSWE, GCIH, or GWAPT

• Be a continuous learner; with a desire to stay current on security trends, tools, technologies and best practices.

If Verizon and this role sound like a fit for you, we encourage you to apply even if you don’t meet every “even better” qualification listed above.

Where you’ll be working

In this hybrid role, you'll have a defined work location that includes work from home and a minimum eight assigned office days per month that will be set by your manager.

Scheduled Weekly Hours

40

Equal Employment Opportunity

We’re proud to be an equal opportunity employer - and celebrate our employees’ differences, including race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, and Veteran status. At Verizon, we know that diversity makes us stronger. We are committed to a collaborative, inclusive environment that encourages authenticity and fosters a sense of belonging. We strive for everyone to feel valued, connected, and empowered to reach their potential and contribute their best. Check out our diversity and inclusion page to learn more.