Société : Park Lane Recruitment Lieu : Site source : Talent BE
Duties and Role:
Lead and/or be part of the Red/Purple Team during assessments; Develop and execute complex adversaryemulation scenarios; Create custom scripts in python to simulate attack activities; Utilize detections to improve the effectiveness of adversaryemulation scenarios; Create and use custom tools to automate and optimize the adversaryemulation process; Provide security design reviews to ensure compliance with company policies and directives; Provide security consultancy and advice to projects, plans, and other entities; Brief at both executive and technical levels on security reports and testing outcome; Ensure proactive collaboration and coordination with internal and external stakeholders; Ensure compliance with IT security, risk and compliance principles; Responds to ad-hoc tasks given by the chain of command.
Deliverables:
The main deliverables as will be:
Provide an average of 139 hours/month working on-site, embedded in the NCSC Penetration Testing and AdversaryEmulation Cell located in SHAPE, Casteau, Belgium.
·High-quality reports on the results of adversaryemulation assessments as directed by Lead Engineer NCSC.
Provide variety of deliverables associated to any duty (described in above).
The service provider is expected to provide accurate and complete deliverables in accordance with internal processes.
The service provider shall be responsible for complying with all applicable local employment laws, in addition to following all SHAPE & NCIA on boarding procedures.
Delivery of the service cannot begin until these requirements are fulfilled.
Each provider of this service must pass an assessment to demonstrate proficiency before being approved to provide the service.
The assessment will follow a brief familiarisation period.
The service provider shall not be required to work on NCIA holidays.
Requirements Skill, Knowledge & Experience :
The candidate must have a currently active NATO SECRET security clearance The contracted individual will have at least 3 years post-related experience.
The required skillset for the contracted individual is:
Proven experience in either penetration testing, red teaming or adversaryemulation for at least 3 years Understanding of the principles of adversaryemulation (red/purple teaming) Ability to develop and execute adversaryemulation scenarios Understanding of tactics, techniques and procedures of threat actors based on MITRE ATT&CK Framework Ability to create and execute custom scripts to simulate attack activities Understanding of the various types of detections available (defence in depth) Knowledge of the latest security trends and best practices Ability to create and use custom tools to automate and optimize the adversaryemulation process Knowledge of the principles of IT security, risk and compliance Experience with security testing tools and methodologies, such as fuzzing, static and dynamic application security testing, and penetration testing Knowledge in system and network administration of UNIX and Windows systems Use of penetration testing tools, techniques, and recognized testing methodologies Scripting skills in Python Technical knowledge in system and network security, authentication and security protocols, cryptography and application security Ability to evaluate risks and formulate mitigation plans Proven ability to write clear and structured technical reports including executive summary, technical findings and remediation plan for several different audiences ParkLaneRecruitment
