Job Summary
As a Sr. Red Team Engineer & Developer, you will conduct Red Team engagements and proactively uncover security risks, equipping the Global Fusion Center (GFC), and Tokio Marine Group Companies with advanced offensive capabilities to remediate cyber risks. You will rapidly grow to understand the Group Companies’ business priorities and ways Red Team engagements can help to uncover and mitigate cyber risks. You will develop custom tools to bypass EDRs and various detections in addition to performing security research and building infrastructure to further Red Team’s capabilities.
Essential Job Functions
- Set scope, objectives, and timelines for Red Team engagements and leverage data to create meaningful metrics
- Propose, plan, and execute Red Team engagements based on real-world cyber threats
- Develop tools, methodologies, and infrastructure to support Red Team engagements
- Deliver well-written technical and executive-level Red Team reports and briefings
- Align with counterparts globally including GFC-Japan to build and enforce standards and frameworks pertaining to Red Team engagements and findings
- Present Red Team reports and findings to executives and non-technical audiences.
Qualifications
- 3-5 years Red Team (Adversary Simulation) experience working in a technical role
- Experience conducting hands-on technical Red Team and/or government computer network exploitation/attack operations experience
- Deep knowledge and hands-on experience using, modifying, and customizing red teaming post exploitation frameworks and Command & Control (C2) frameworks
- Experience in developing payloads that bypass A/V and EDR solutions for use in various phases of red team engagements
- Experience in software development, including red teaming tools, custom malware, trojans, shellcode, etc., using low-level languages (C, C++, assembly, etc.)
- Possess advanced knowledge of Windows & Linux internals, including kernel module development, system calls, and other operating systems internals and how to leverage them for offensive security purposes
- Ability to mentor junior engineers on red team tradecraft
- Experience in professionally delivering technical and executive-level red team reports and briefings
- Knowledge of common bugs or misconfigurations in software and cloud infrastructure (AWS, GCP, and Azure)
- Industry security certification (GPEN, GXPN, OSCE, OSCP, CRTO) preferred
- Fluency in a foreign language is highly desirable, but not required
- Bachelor’s Degree preferred
EEO Statement
Tokio Marine Group of Companies (including, but not limited to the Philadelphia Insurance Companies, Tokio Marine America, Inc., TMNA Services, LLC, TM Claims Service, Inc. and First Insurance Company of Hawaii, Ltd.) is an Equal Opportunity Employer. In order to remain competitive we must attract, develop, motivate, and retain the most qualified employees regardless of age, color, race, religion, gender, disability, national or ethnic origin, family circumstances, life experiences, marital status, military status, sexual orientation and/or any other status protected by law.
