
Offensive Security Analyst II

Who We Are

Robert Half, one of FORTUNE’s World’s Most Admired Companies and a Fortune 100 Best Companies to Work For, is hiring an Offensive Security Analyst II to join the Enterprise Information Security team.

This individual is responsible for assisting with continuous development of day-to-day operations of the Enterprise Information Security (EIS) organization and to help introduce efficiencies that can streamline internal processes and procedures to drive automation & operational maturity. The candidate would have the ability to research, develop, and keep abreast of testing tools, techniques, and process improvements in support of vulnerabilities, proof-of-concepts, in-the-wild exploits, security detection, analysis and response.

What You'll Do

- Perform penetration testing of company-owned applications, networks, and systems.
- Perform web application and cloud discovery, enumeration, and exploitation.
- Assist in red team operations and adversary emulation exercises.
- Assess and communicate the operational risks of exploitation.
- Create testing plans and methods to find and confirm vulnerabilities.
- Scope and assess the time needed to complete operational testing tasks.
- Modify and adapt public exploit code and tools to meet operational requirements.
- Utilize and develop automation where possible to save time and gain efficiency.
- Serve as a subject matter expert to the organization for offensive security topics.
- Provide expertise to security operations, threat intelligence, and forensics, as needed.
- Work independently and troubleshoot technical and business process related issues.
- Experience supporting a variety of different offensive engagements for a large enterprise.
- Ability to present complex topics, simply, to varying levels of the organization.

What You'll Need

- Bachelor's degree in Computer Science, Information Security or other related field preferred or 3+ years’ required experience in related field.
- 3+ years of combined IT and security work experience with a broad range of exposure to systems analysis, application development, database design and computer/network administration. Minimum 2+ years' experience in Information Security required.
- OSCP, CRTO, GPEN or other penetration testing or red team certification(s) preferred.
- Basic experience using penetration testing security tooling, such as Kali Linux.
- Basic experience using Burp Suite or similar web application hacking tools.
- Basic experience using command and control frameworks such as Cobalt Strike.
- Basic experience with programming/scripting languages, e.g. Python, PowerShell.
- Basic experience bypassing controls such as antivirus or web application firewalls.
- Basic knowledge of networking concepts, protocols, and encryption.
- Basic knowledge of Active Directory discovery, enumeration, and exploit methods.
- Basic knowledge of application security best practices and tools.
- Basic knowledge of operating system best practices and tools.
- Basic knowledge reading/writing/modifying malicious code.
- Excellent time management and ability to track and deliver on commitments.
- Excellent adaptability and ability to learn complex technical skills quickly.
- Excellent written and verbal skills.

The typical annual salary range for this position is shown below and is negotiable depending upon experience and location.

$85,000.00 - $124,000.00