We use cookies. Find out more about it here. By continuing to browse this site you are agreeing to our use of cookies.
#alert
Back to search results

Senior Offensive Security Operator (Red Team)

JLL
United States, Illinois, Chicago
200 East Randolph Street (Show on map)
Nov 12, 2024
Senior Offensive Security Operator

This position will be responsible for designing and delivering, both individually and collaboratively, security testing against a range of technologies and operational processes to continuously assess JLL's global attack surface.The role will execute and provide custom written deliverables related to testing and remediation or mitigation guidance across a variety of engagements that are planned and ad hoc; long and short term; disclosed and undisclosed.The ideal candidate will be experienced and comfortable simulating adversaries with a range of capabilities and intents representative of the threat landscape.

Primary Responsibilities
Plan, execute, and report on testing against managed and unmanaged devices running Windows, Linux, MacOS, and iOS
Plan, execute, and report on authenticated and unauthenticated web application testing, to include executing specific attack methodologies targeting API vulnerabilities
Plan, execute, and report on testing against cloud environments with a focus on identifying gaps in cloud-native security configurations
Plan, execute, and report on testing against embedded systems, with an emphasis on OT employed in commercial property technologies
Plan, execute, and report on testing against physical security and Wi-Fi vulnerabilities
Ability to develop and execute custom tools as necessary
Ability, as part of Purple Team engagements, to develop and validate detection methodologies based on testing findings
Ability to advise developers on code-based fixes to address application vulnerabilities discovered during testing
Ability to advise on hardening as well as identity proofing and authentication mechanisms to address vulnerabilities identified during testing

Job Requirements
8+ years of technical cybersecurity experience with at least 5 years of offensive security experience
Experience developing and conducting Red Team and Purple Team engagements against Enterprise IT users and online applications
Experience with vulnerability discovery within and exploitation of embedded systems
Experience with reverse engineering both firmware and software
Experience developing and deploying custom persistence and exfiltration tools
Experience writing and delivering reports from testing engagements
Experience leveraging testing findings to develop detection and prevention methodologies leveraging security technologies to include SIEM and EDR
Experience executing web application penetration tests
Ability to communicate remediation guidance to developers
Ability to adapt and prioritize in a fast-paced work environment
Excellent written and oral communication skills
Work independently and within a team to build relationships and interact effectively with business partners.
A desire to work within a diverse, collaborative, and driven professional environment.
Applied = 0

(web-5584d87848-9vqxv)