Description:
As a Senior Security Consultant at Secneural, you will play a crucial role in assessing and enhancing the security posture of our clients. The ideal candidate will possess advanced expertise in Active Directory penetration testing, red team assessments, adversary simulation, physical penetration testing, and the ability to develop and execute sophisticated phishing simulations. Additionally, the candidate should demonstrate proficiency in bypassing Network Access Control (NAC), Endpoint Detection and Response (EDR), and Data Loss Prevention (DLP) solutions.
Key Responsibilities:
Active Directory Pentest and Red Team Assessments:
- Conduct comprehensive penetration tests on enterprise networks and Active Directory environments to identify vulnerabilities and weaknesses.
- Execute red team assessments to simulate real-world cyber threats and evaluate defense mechanisms.
Adversary Simulation:
- Develop and implement advanced adversary simulations to assess the resilience of client systems against sophisticated threats.
- Provide detailed reports with actionable recommendations based on simulation outcomes.
- Well versed with security tools & C2 frameworks such as Cobalt Strike, Metasploit, Mythic, Sliver etc.
Physical Penetration Testing:
- Perform on-site physical penetration tests to evaluate the security of physical infrastructure and access controls.
- Identify vulnerabilities related to physical security and propose effective mitigations.
Phishing Simulations:
- Design and execute realistic phishing simulations to assess the susceptibility of client personnel to social engineering attacks.
- Develop and deliver training programs to enhance employee awareness and response to phishing threats.
Bypassing NAC, EDR, and DLP Solutions:
- Evaluate, identify, and exploit weaknesses in Network Access Control (NAC), Endpoint Detection and Response (EDR), and Data Loss Prevention (DLP) solutions.
- Develop and implement strategies to bypass or overcome security measures effectively for Lateral Movement and Persistence.
- Proficiency in one or more coding/scripting language. (E.g., Perl, Python, PowerShell, Shell Scripting, C/C#/C++, golang, etc.)
Qualifications:
- 5+ years of proven experience in cybersecurity, with a focus on penetration testing and red teaming.
- Expertise in Azure and On-prem Active Directory exploitation techniques.
- Hands-on experience in physical penetration testing.
- Strong knowledge of adversary simulation techniques.
- Expertise in Layer 2 attacks.
- Ability to design and execute phishing simulations.
- Familiarity with a variety of NAC, EDR, and DLP solutions.
- Relevant industry certifications such as OSCE, OSEP CRTP, CRTE, CRTO, or equivalent are highly desirable.