This is an excellent opportunity for an experienced, forward-looking red teamer (adversary attack simulation) to join enterprise security penetration testing capability at Expedia Group. This requires highly skilled and experienced penetration testing/red team specialists who can ensure Expedia Group has the ability to uncover and subsequently remediate vulnerabilities through the delivery of high vigilance and transparency.
Expedia Group is looking for a penetration tester to perform pen test on its infrastructure and applications. The scope of this role includes performing the full cycle of penetration testing engagements – from scoping, through threat modelling, information gathering, discovery, vulnerability assessment, active testing, pivoting and reporting.
- Assess EG’s existing security capabilities to detect and respond to emerging threats and work with Detection team to ensure a smooth execution of testing activities (e.g. red/purple teaming, competitive cyber games, etc.)
- Deeply document exploit chain/proof of concept scenarios and influence partners in understanding risk exposure and containment measures from vulnerabilities
- Design and develop scripts, frameworks, tools, and the methods required for facilitating and executing complex scenarios, emulating malicious actor behavior aimed at avoiding detection
- Develop and refine methodologies to conduct Red Team operations successfully and consistently covering all areas of technology
- Plan and execute complex red-team exercise by replicating, in a safe way, the tactics, techniques and procedures of threat actors, including technical coordination of activities and periodic reporting of progresses to partners
- Responsible for penetration testing and red teaming activities, researching and analyzing vulnerabilities, identifying relevant threats, corrective action recommendations, summarizing and reporting results.
- Work with Threat Research team to develop red team scenarios consistent with real attacks as well as business lines understanding their threats
- 6+ years of experience executing large scale penetration testing / red team testing assessments of highly critical systems
- Ability to develop creative tools, solutions, processes and automate tasks using a scripting language (Python, Perl, Ruby, etc.)
- Bachelor’s Degree in engineering, Computer Science/Information Technology or its equivalent with real passion for security researching
- Communication skillset to influence VPs, Directors, and other Technology Leaders to prioritize and execute remediation plans
- Detailed and up-to-date knowledge of wide range of security tools like Burp Suite, Nessus, Metasploit, Empire,
- Cobalt Strike, etc. and familiarity with common reconnaissance, exploitation, and post exploitation frameworks
- Knowledge of Linux operating systems, Source Code Analysis, Mobile Application Security, Microsoft technologies like Active Directory and others
- OSCP, OSCE, GPEN, CREST or similar certifications will be a plus
- Strong knowledge of security frameworks e.g. OWASP, SANS, MITRE ATT&CK Framework, Firewalls, IDS/IPS, Web Proxies and DLP among other
Vacancy Type: Full Time
Job Functions: Information Technology
Job Location: Gurugram, Haryana, India
Application Deadline: N/A