Job Requisition ID: 35801 Work in a highly innovative and transformative business Mentoring, growth and training – receive support and coaching to progress your career Preventive and supportive mental health initiatives What will your typical day look like? Deloitte Global is the engine of the Deloitte network. Our professionals reach across disciplines and borders to develop and lead global initiatives. We deliver strategic programs and services that unite our organization. Key Role Responsibilities: You will be leading a small team of Red Team Operators in the planning, execution, and reporting of Red Team engagements around the globe. This includes, but is not limited to: Performing intelligence gathering against target networks, people, processes, and technologies. Finding creative ways to obtain a foothold in a target network. Delivering malware and establishing command and control (C2). Moving stealthily within target networks, satisfying the campaign objectives, while staying undetected by the blue teams. Establishing persistence and strategically tuning long-haul beacons to maintain long-term footholds where necessary. Ensuring adherence to the Rules of Engagement during every step of the Red Team engagements. Maintaining operational oversite of all actions conducted during Red Team engagements. Ensuring that every action is planned, executed, and logged properly at all times by every operator. Maintaining in-depth documentation and auditing of actions taken during Red Team operations, at all times, for the purposes of deconfliction and non-repudiation. Identifying and acting on opportunities to train and mentor other members of the Red Team. Assisting in the management of the Red Team Attack Network and the implementation of new tools and techniques to improve the team's tradecraft. Sharing your research within the Deloitte Global Red Team community, and with the broader security organization, by writing blogs, speaking at conferences, or publishing code. Developing operational processes, field manuals, and attack methodologies to continuously improve the quality of engagements and knowledge sharing amongst the team. Ensure deliverables meet the quality and timeliness expected of a world-class Red Team. Working closely with a wide variety of Deloitte's industry leading information security teams to identify and reduce risk around the globe. About the teamDeloitte Technology works at the forefront of technology development and processes to support and protect Deloitte around the world. In this truly global environment, we operate not in "what is" but rather "what can be" to help Deloitte deliver and connect with its clients, its communities, and one another in ways not previously conceived. Enough about us, let's talk about you. You are someone with: Required: 3+ years of Red Team experience. A passion for offensive security and Red Team operations, and a drive to stay up to date with modern attack techniques, public breaches, and new vulnerabilities. A deep understanding of threat actor tactics, techniques, and procedures (TTPs). Experience with, and a deep understanding of, digital forensics and incident response capabilities and procedures. Experience with leading Red Team Operations against companies and their associated people, processes, and technologies. The ability to create, update, and maintain documentation ranging from Red Team TTPs to governing documentation as needed. Experience with enumerating and attacking Windows Active Directory and Azure EntraID environments. Experience leading the designing, building, maintaining, and utilization of covert C2 infrastructure in various cloud platforms and environments. Automation experience is a plus! Experience with modern malware development and obfuscation techniques. A deep understanding of enterprise security architecture and the associated security controls. A deep understanding of monitoring, detections, and indicators of compromise/attack, and the implications they have on covert Red Team Operations. Hands on experience working with industry leading Red Team tools like Cobalt Strike, Nighthawk C2, Bloodhound, Evilginx2, etc... Preferred: Relevant certifications such as OSCP, OSCE, OSEP, OSED, OSEE, CRTP, CRTE, etc. Public examples of blogs, conference talks, and open-source tooling demonstrating your expertise. Experience operating against security products such as Microsoft Defender for Endpoint/Identity and CrowdStrike Falcon. Experience with Social Engineering (physical, phishing). Experience with Outflank OST. Experience automating infrastructure deployment with Ansible and Terraform. Experience leading red teaming efforts.
