Senior Information Security Engineer - Ethical hackers team

Your main responsibilities:

• planning and running Red Team Cyber Operations - Red/Blue team exercises, breach attack simulations (BAS), DDoS attack simulations, etc.

• supporting vulnerability management program, social engineering attacks against employees, research of selected cyber tools, tactics, processes within company's environment, tests point security controls and attack techniques (MITRE ATTACK), and other.

• work closely with Cyber Defense Center Monitoring, Incident Response Team (CSIRT) and Security Engineering teams.

Summary of responsibilities:

• Running of attack simulations (manual and automated)

• Design, develop DDoS simulations / attacks against company infrastructure

• Testing new vulnerabilities and their mitigation

• Research cyber threats and simulate selected TTPs (tools, tactics and processes)

• Planing and executing social engineering attacks against internal employees.

• Testing of SIEM and other technologies detection capability of specific attacks (MITRE ATTACK framework).

• Support security incident response function for selected situations, test prevention and containment counter measures, validate exposure, hunt for specific artifacts, other.

• Support Security Analysts’ training and development program - running demonstrations, workshops and Red/Blue team exercises.

• Experience in Penetration Testing, “white hacking” and Red Team concepts

• Very good programing language skills (Python, Shell, PowerShell, C#) and system administration capabilities (to run RT infrastructure)

• Good understanding of Common Cyber Attack techniques and principles - MITM, Cyber Kill Chain, MITRE ATTACK framework

• Good understanding of Distributed Denial of Service attack (DDoS) techniques and in general Internet / network protocols.

• Experience in Information Security Incident Response management (ISIRT/CSIRT).

• Understanding of Intrusion Prevention Systems (IPS on host and network level), EndPoint Protection Platform (EPP), EndPoint Detection and Response (EDR) and Security Information and Event Management (SIEM) solutions.

• Understanding of Information Security common body of knowledge - ISC2, SANS, ISO270xx, OWASP.

• Understanding of Threat and Vulnerability Management (TVM) practices.

• Opportunity to become a member of great team of IT professionals, future professional development

• Home office possibilities

• Permanent contract

Except good money and yearly bonus you will be provided by following benefits: Company car, pension plan, CAFETERIA program, 25 days of holiday , salary compensation due to illness, fully covered lunch vouchers, Multisport card, etc