Senior Offensive Security Operator (Red Team)
This position will be responsible for designing and delivering, both individually and collaboratively, security testing against a range of technologies and operational processes to continuously assess JLL’s global attack surface. The role will execute and provide custom written deliverables related to testing and remediation or mitigation guidance across a variety of engagements that are planned and ad hoc; long and short term; disclosed and undisclosed. The ideal candidate will be experienced and comfortable simulating adversaries with a range of capabilities and intents representative of the threat landscape.

Primary Responsibilities

- Plan, execute, and report on testing against managed and unmanaged devices running Windows, Linux, MacOS, and iOS
- Plan, execute, and report on authenticated and unauthenticated web application testing, to include executing specific attack methodologies targeting API vulnerabilities
- Plan, execute, and report on testing against cloud environments with a focus on identifying gaps in cloud-native security configurations
- Plan, execute, and report on testing against embedded systems, with an emphasis on OT employed in commercial property technologies
- Plan, execute, and report on testing against physical security and Wi-Fi vulnerabilities
- Ability to develop and execute custom tools as necessary
- Ability, as part of Purple Team engagements, to develop and validate detection methodologies based on testing findings
- Ability to advise developers on code-based fixes to address application vulnerabilities discovered during testing
- Ability to advise on hardening as well as identity proofing and authentication mechanisms to address vulnerabilities identified during testing

Job Requirements

- 8+ years of technical cybersecurity experience with at least 5 years of offensive security experience
- Experience developing and conducting Red Team and Purple Team engagements against Enterprise IT users and online applications
- Experience with vulnerability discovery within and exploitation of embedded systems
- Experience with reverse engineering both firmware and software
- Experience developing and deploying custom persistence and exfiltration tools
- Experience writing and delivering reports from testing engagements
- Experience leveraging testing findings to develop detection and prevention methodologies leveraging security technologies to include SIEM and EDR
- Experience executing web application penetration tests
- Ability to communicate remediation guidance to developers
- Ability to adapt and prioritize in a fast-paced work environment
- Excellent written and oral communication skills
- Work independently and within a team to build relationships and interact effectively with business partners.
- A desire to work within a diverse, collaborative, and driven professional environment.