Red Team Specialist

"Making the world a safer and more secure place."

It’s our mission, plain and simple. It drives everything we do – from research to client work to community involvement. And it unifies our global team into an elite force with integrity, fierce passion, and relentless creativity that doesn’t just “push the envelope” or “think outside the box.” We shred the envelope, crush the box, and we have fun doing it. We are always looking for people who share our mission to join us.

About IOActive:

IOActive, a trusted partner for Global 1000 enterprises, provides research-fueled security services across all industries. Our cutting-edge cybersecurity teams provide highly specialized technical and programmatic services including full-stack penetration testing, program efficacy assessments, and hardware hacking. IOActive brings a unique attacker’s perspective to every engagement to maximize cybersecurity investments and improve the security posture and operational resiliency of our clients. Founded in 1998, IOActive is headquartered in Seattle with global operations, including state of the art hardware hacking labs in Seattle, WA, Madrid, Spain and Cheltenham, UK.

IOActive Red Team Specialists perform multi-vector, chained attacks that include exploitation through physical, network, web, and social engineering methods with the goal of making our clients more secure and prepared to respond to real incidents. Activities involve planning and reconnaissance to identify critical assets and potential attack paths, exploitation of vulnerabilities resulting in infiltration of the environment, acting on the objectives of the campaign through post-exploitation, and documentation of actions and outcomes.

What you’ll do: 

• Work as part of a team performing Red and Purple Team Campaigns for IOActive clients, both remotely and on-site
• Perform adversarial emulation, assumed breach scenarios, post-exploitation, social engineering, and physical security testing
• Manage project tasks and deadlines on a multi-time-zone team
• Develop unique tools to assist in project goals
• Exploit vulnerabilities found in client’s people, processes, and technology; then clearly communicate complex vulnerabilities to both technical and non-technical client staff
• Create comprehensive technical reports explaining technical and business risk of the vulnerabilities found. This includes actionable recommendations/considerations for the client
• Participate in project conference calls with clients and on business development calls in support of sales activities
• Create and lead technical customer presentations
• Provide technical leadership/mentorship to the consulting team and to our clients on security topics
• Contribute to the security industry through presentations, whitepapers and/or research

 What you bring:

• Experience performing and leading covert red team operations and activities, including performing adversarial emulation, assumed breach scenarios, post-exploitation, social engineering, and physical security testing
• Penetration testing experience in Network, Web applications, Wireless networks, Physical security, and Social engineering
• Experience with C2 and post-exploitation frameworks, including Cobalt Strike, Empire, Metasploit, Throwback, and similar tools
• Understanding and proficiency with some of the following: Python, Ruby, PowerShell, Java, and Shell scripting
• Knowledge and experience with enterprise network/system/application architecture and design including complex environments utilizing Microsoft Windows, Active Directory, and Linux
• Deep understanding on Windows and Linux systems administration and post-exploitation activities on each platform
• Ability to present complex material in a digestible, consumable manner to all levels of management
• Highly experienced with OS, services, and application hardening
• Strong ability to find vulnerabilities and develop proof of concepts
• Ability and desire to travel at least 50% of the time – both nationally and globally

What We Offer 

🎯 A chance to work with an industry leader in cyber security

💡 Access to world-class technical teams and research

🏆 A high-energy, collaborative team that values innovation

💻 Flexibility—work remotely or from the office as needed

✈️ Opportunities for travel

💰 Competitive compensation and performance-based incentives

Compensation Range: 100,000 to 150,00 USD, based on location and experience level.

If this sounds like your kind of challenge, we’d love to hear from you. Let’s talk!

Why IOActive:

We have over 25 years of experience that’s established and stable; yet high-growth with the energy, passion and dynamic work environment of a startup. We are renowned for our innovation and thought leadership within our high-profile, cutting edge space. We're one of “the good guys” doing crazy cool stuff to thwart bad guys in a critically important business, social and political arena. Our work is great fun with great importance. Above all else, we value our people and our customers. Relationships matter.

IOActive is an equal opportunity employer that is committed to diversity and inclusion in the workplace. We prohibit discrimination and harassment of any kind based on race, color, sex, religion, sexual orientation, national origin, disability, genetic information, pregnancy, or any other protected characteristic as outlined by federal, state, or local laws.

This policy applies to all employment practices within our organization, including hiring, recruiting, promotion, termination, layoff, recall, leave of absence, compensation, benefits, training, and apprenticeship. IOActive makes hiring decisions based solely on qualifications, merit, and business needs at the time.