Red Team Senior Manager

Come join one of the most dynamic cyber security teams in the industry! Intuit is looking for a highly experienced offensive security leader to act as manager for Intuit’s Red Team. You will leverage your considerable experience against one of the largest SaaS cloud deployments in the world, addressing complex security vulnerabilities, keeping our millions of customers safe from adversaries, and performing the best work of your life!

Responsibilities

• Plan and guide offensive security campaigns and activities related to in-depth red team assessments against Intuit-owned targets, in order to identify and quantify risks
• Drive the creation of high quality reports to enable stakeholder understanding of findings
• Drive the remediation of findings through stakeholder briefings and educational initiatives
• Design offensive security strategies, metrics, and reporting mechanisms
• Continually research offensive security tools and exploits
• Create requirements for exploit code, exploit tooling, and threat intelligence needs by the Red Team
• Drive and maintain training requirements for Intuit offensive security practitioners
• Be a mentor to team members, sharing your offensive security tradecraft and guidance

Minimum Requirements

• 6+ years in a cyber security role, including at least 4 years of experience in offensive security
• 4+ years of management experience in a cyber security role
• Experience in developing red team campaigns, pen test engagements, or planning related to offensive security
• Extensive knowledge of red team and offensive security methodologies and TTPs
• Experience in developing requirements for exploits and offensive security tooling
• Proven security experience with one or more Cloud Computing solution (AWS, GCP, Azure, etc)
• Experience with web exploitation
• Proven results utilizing vulnerability scanning and penetration testing tools and techniques
• Knowledge of reverse engineering and deep protocol analysis
• Knowledge of multiple security technologies such as firewalls, IDS/IPS, Web Proxies and DLP among others
• Experience with utilizing and deploying open source or commercial backdoors/rootkits, as well as accompanying C2 infrastructure
• Proficiency with enterprise operating systems, including Linux and Windows
• Knowledge of Python, or similar scripting language
• In-depth knowledge of TCP/IP networking and packet analysis
• Proven ability to have multiple projects and deadlines simultaneously
• Ability to identify and evaluate risk to IT systems and communicate risks to management
• Strong familiarity with at least one of the following: OWASP Top 10, MITRE ATT&CK, PTES, or NIST Vulnerability and Penetration Testing Standards
• Executive and engineer level briefing skills
• BS in Computer Science, Cybersecurity, or related field or equivalent relevant experience

Preferred Skills/Experience

• MS in Computer Science, Cybersecurity, or related field
• Professional level certifications related to Red Teaming/Penetration Testing (OSCP, GPEN, GWAPT, etc)
• Program Management Experience