Red Team Operator / Security Tester
Nashville, North Carolina
Employer: UBS
Industry: Information Technology (IT)
Salary: Competitive
Job type: Full-Time
Your role
Are you passionate about the offensive side of cyber security and research? Are you curious and self-driven to continuously learn, explore, and try harder, as well as share your knowledge and experience to complement the rest of the team? Are you someone who likes to bridge the gap between the technical aspects of emulating attacker TTPs and how this will strengthen the security posture of your business? Are you self-driven, motivated and have experience working on a global security team?
Then we are looking for someone like you to:
• Join a growing in-house red teaming and offensive security capability.
• Execute all phases of offensive security operations participating in both red and purple team testing.
- Develop scripts, tooling, and methodologies to support offensive security capabilities.
- Assist in providing risk appropriate and pragmatic recommendations to correct identified findings, vulnerabilities, and misconfigurations
- Understand and adhere to regulatory, compliance, and legal requirements that impact business operations
Your team
You will be working in the Cyber Defense Organization within Technology Services, Technology Information Security Office (TS TISO). The TS TISO Vision is to protect, preserve, and prolong the value of the UBS data and digital services, and enhance UBS's brand and competitiveness in a digitized world. The Cyber Defense organization within TISO leads the management of all cyber threats and cyber risk across the Firm. To "protect the foundations and secure the future," Cyber Defense serves two mission areas: cyber threat management and defense (understanding, detecting, and responding to threats), and cyber risk management and governance (setting priorities and preventing threats).
Operational Security Testing is a global team with a presence in Switzerland, Poland and the USA. The team works with stakeholders across TS TISO and other security control areas to conduct red teaming, purple teaming and other forms of offensive security testing to identify and help remediate gaps across all aspects of the Cyber Security protect, detect and response capabilities of the Firm.
Your expertise
- One to three years of experience in an offensive security role, such as penetration testing, and a desire to move into the world of red and purple teaming.
- Experience with offensive security tools, such as Metasploit, Nessus, Burp, Kali Linux / CommandoVM or C2 frameworks (e.g. Cobalt Strike, Brute Ratel, Sliver, Nighthawk).
- Experience in automation using Python, Bash, or other scripting language ideally coupled with the ability to experiment and tweak newly developed open-source tools written in scripting languages.
- Efficient documentation skills to capture the right level of detail at the right level of abstraction while creating process/dataflow/architecture diagrams, or documenting instructions.
- Knowledge and understanding of MITRE ATT&CK framework and TTPs of cyber attacks at a conceptual level.
- Knowledge and understanding of OPSEC concepts in attack emulation.
- Experience in a blue team role investigating cyber security incidents in a modern enterprise security environment (including SIEM, EDR, etc) is a big plus.
- Experience in system administration and/or engineering experience with Linux and Windows operating systems is a plus.
- Experience with OSINT, phishing / social engineering, vulnerability research, reverse engineering and exploit development is a plus.
- Experience with cloud (Azure, AWS) technologies is a plus.
- Experience programming in C, C++, C#, Rust, Nim or in Assembly is a plus.
- Offensive Security certifications (such as OSCP or OSEP), SANS certifications (such as GXPN, GPEN, GWAPT, GREM), or other training in red teaming operations are a plus.
About us
UBS is the world's largest and the only truly global wealth manager. We operate through four business divisions: Global Wealth Management, Personal & Corporate Banking, Asset Management and the Investment Bank. Our global reach and the breadth of our expertise set us apart from our competitors..
We have a presence in all major financial centers in more than 50 countries.
Join us
At UBS, we embrace flexible ways of working when the role permits. We offer different working arrangements like part-time, job-sharing and hybrid (office and home) working. Our purpose-led culture and global infrastructure help us connect, collaborate, and work together in agile ways to meet all our business needs.
From gaining new experiences in different roles to acquiring fresh knowledge and skills, we know that great work is never done alone. We know that it's our people, with their unique backgrounds, skills, experience levels and interests, who drive our ongoing success. Together we're more than ourselves. Ready to be part of #teamUBS and make an impact?
Disclaimer / Policy Statements
UBS is an Equal Opportunity Employer. We respect and seek to empower each individual and support the diverse cultures, perspectives, skills and experiences within our workforce.
Are you passionate about the offensive side of cyber security and research? Are you curious and self-driven to continuously learn, explore, and try harder, as well as share your knowledge and experience to complement the rest of the team? Are you someone who likes to bridge the gap between the technical aspects of emulating attacker TTPs and how this will strengthen the security posture of your business? Are you self-driven, motivated and have experience working on a global security team?
Then we are looking for someone like you to:
• Join a growing in-house red teaming and offensive security capability.
• Execute all phases of offensive security operations participating in both red and purple team testing.
- Develop scripts, tooling, and methodologies to support offensive security capabilities.
- Assist in providing risk appropriate and pragmatic recommendations to correct identified findings, vulnerabilities, and misconfigurations
- Understand and adhere to regulatory, compliance, and legal requirements that impact business operations
Your team
You will be working in the Cyber Defense Organization within Technology Services, Technology Information Security Office (TS TISO). The TS TISO Vision is to protect, preserve, and prolong the value of the UBS data and digital services, and enhance UBS's brand and competitiveness in a digitized world. The Cyber Defense organization within TISO leads the management of all cyber threats and cyber risk across the Firm. To "protect the foundations and secure the future," Cyber Defense serves two mission areas: cyber threat management and defense (understanding, detecting, and responding to threats), and cyber risk management and governance (setting priorities and preventing threats).
Operational Security Testing is a global team with a presence in Switzerland, Poland and the USA. The team works with stakeholders across TS TISO and other security control areas to conduct red teaming, purple teaming and other forms of offensive security testing to identify and help remediate gaps across all aspects of the Cyber Security protect, detect and response capabilities of the Firm.
Your expertise
- One to three years of experience in an offensive security role, such as penetration testing, and a desire to move into the world of red and purple teaming.
- Experience with offensive security tools, such as Metasploit, Nessus, Burp, Kali Linux / CommandoVM or C2 frameworks (e.g. Cobalt Strike, Brute Ratel, Sliver, Nighthawk).
- Experience in automation using Python, Bash, or other scripting language ideally coupled with the ability to experiment and tweak newly developed open-source tools written in scripting languages.
- Efficient documentation skills to capture the right level of detail at the right level of abstraction while creating process/dataflow/architecture diagrams, or documenting instructions.
- Knowledge and understanding of MITRE ATT&CK framework and TTPs of cyber attacks at a conceptual level.
- Knowledge and understanding of OPSEC concepts in attack emulation.
- Experience in a blue team role investigating cyber security incidents in a modern enterprise security environment (including SIEM, EDR, etc) is a big plus.
- Experience in system administration and/or engineering experience with Linux and Windows operating systems is a plus.
- Experience with OSINT, phishing / social engineering, vulnerability research, reverse engineering and exploit development is a plus.
- Experience with cloud (Azure, AWS) technologies is a plus.
- Experience programming in C, C++, C#, Rust, Nim or in Assembly is a plus.
- Offensive Security certifications (such as OSCP or OSEP), SANS certifications (such as GXPN, GPEN, GWAPT, GREM), or other training in red teaming operations are a plus.
About us
UBS is the world's largest and the only truly global wealth manager. We operate through four business divisions: Global Wealth Management, Personal & Corporate Banking, Asset Management and the Investment Bank. Our global reach and the breadth of our expertise set us apart from our competitors..
We have a presence in all major financial centers in more than 50 countries.
Join us
At UBS, we embrace flexible ways of working when the role permits. We offer different working arrangements like part-time, job-sharing and hybrid (office and home) working. Our purpose-led culture and global infrastructure help us connect, collaborate, and work together in agile ways to meet all our business needs.
From gaining new experiences in different roles to acquiring fresh knowledge and skills, we know that great work is never done alone. We know that it's our people, with their unique backgrounds, skills, experience levels and interests, who drive our ongoing success. Together we're more than ourselves. Ready to be part of #teamUBS and make an impact?
Disclaimer / Policy Statements
UBS is an Equal Opportunity Employer. We respect and seek to empower each individual and support the diverse cultures, perspectives, skills and experiences within our workforce.
Created: 2024-07-03
Reference: 298924BR
Country: United States
State: North Carolina
City: Nashville