Penetration Tester / Red Teamer

XM Cyber is looking for a superstar Penetration Tester / Red Teamer.

XM Cyber provides the first fully automated APT Simulation Platform to continuously expose attack vectors, above and below the surface, from breach point to any organizational critical asset. This continuous loop of automated red teaming is completed by ongoing and prioritized actionable remediation of organizations’ security gaps. In effect, HaXM by XM Cyber operates as an automated purple team that fluidly combines red team and blue team processes. The position is located in Herzlyia.

If you are up for the challenge and you have the “XM factor”, come and join us!

A successful Red Teamer at XM Cyber should possess a deep understanding of information security threat tactics. You should understand basic concepts such as networking, applications, and operating system functionality and be able to learn advanced concepts such as application manipulation, exploit development, and stealthy operations.

At XM Cyber, you’ll be faced with complex security challenges and hands-on opportunities, simulating real-world targeted attacks, through the perspective of an advanced threat actor. Our main goal is to help our customers protect their environments through comprehensive real world automated testing. You are expected to quickly grasp new information and investigate new attack vectors. You will be expected to deep dive into new security tactics, techniques and procedures (TTPs) and properly assess their value to the product. You will get to work with some of the best security experts in the industry, motivating you to develop new skills as you progress through your career.

Required Skills:

  • Strong knowledge of current adversary techniques, tactics, and procedures
  • Hands-on experience performing penetration testing on large enterprise Windows networks
  • Thorough understanding of network protocols, data on the wire
  • Knowledge of common protocols such as HTTP, LDAP, KERBEROS, RPC, SSL, SSH etc.
  • Fundamental understanding of OS internals, memory allocators etc
  • Good knowledge of operating system internals, especially those relevant to authentication, access control, active directory and other facets of security
  • Proficiency in at least one scripting language (bash, python, powershell, etc.)
  • Ability to read, and audit C, C++
  • Autodidact and self-motivated
  • Ability to document and explain technical details in a concise, understandable manner

Preferred Skills and Experience:

  • Bachelor’s degree in a technical field
  • C++, C#, JavaScript Programming Experience
  • Experience in developing, extending, or modifying exploits, shellcode or exploit tools
  • Understanding of scale and performance aspects of real-time serving systems
  • Source code review for control flow and security flaws
  • Proficiency in using IDA Pro, Ollydbg/Immdbg, Windbg and/or other software analysis/debugging tools
  • Reverse engineering malware, data obfuscators, or ciphers
  • Industry certifications to include (but not limited to): OSCP, OSCE, GPEN
  • Experience with AWS/GCP/Azure