Role Profile :
Experian’s Red Team conduct advanced adversary emulation operations to challenge assumptions and emulate cyber and criminal threat actors targeting or attacking the business.
As a Red Team member, you will participate in the design and execution of campaign-based security operations for Experian, spanning a varying array of targets.
Successful team members must be capable of evaluating environments, applications, systems or processes to discover weaknesses, and subsequently leverage those discoveries into actionable real-world attack strategies.
To succeed in this role the candidate will possess breadth and depth of knowledge in security of operating systems, networking and protocols, firewalls, databases and middleware applications, forensics, scripting and programming.
All red team members are expected to continuously improve their tradecraft through research, to add breadth and depth to their knowledge.
Responsibilities :
Engagement in all phases of Red Team security operations
Work within the Red Team to perform physical exploitation, network exploitation and social engineering assessments against authorized targets
Perform network reconnaissance and open source intelligence gathering
Configure and safely utilize attack tools, tactics, and procedures against authorized Experian targets
Develop scripts, tools, or methodologies to enhance Experian's red teaming capabilities
Help to execute the Red Team strategy to further enhance Experian’s security posture
Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel
Fluent and proficient in English to enable delivery of verbal and written reports and presentations to both technical and executive audiences
Provide risk-appropriate and pragmatic recommendations to correct identified flaws, vulnerabilities and misconfigurations
Provide guidance to advance the defensive capabilities of the Security Operations Centre and its subsequent ability to defend the Experian Enterprise
Understand business processes, internal control risk management, IT controls and related standards
Identify and evaluate complex business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement
Understand clients' business environment and basic risk management approaches
Build and nurture positive working relationships with internal clients with the intention to exceed their expectations
Required Experience :
Experience with Red, Blue, or Purple teaming exercises
Specialist skills :