Senior Pentester - Red Team

C.H. Robinson is seeking a Senior Penetration Tester - Red Team to join our Warsaw office and global team. This role will focus primarily on Application Security, with a strong emphasis on penetration testing. You will lead and develop red team exercises, playing a key role in our ongoing efforts to implement comprehensive red teaming practices. Your responsibilities will include conducting hands-on penetration testing and red team assessments of our critical business assets to identify and address vulnerabilities in our applications, enhancing our overall security posture. Your role will also involve integrating offensive security practices into our SDLC to ensure our systems are resilient against potential threats.

Join us at C.H. Robinson and be part of a team that values innovation, collaboration, and excellence. Apply now and help us stay one step ahead of the threats!

Responsibilities:

• Plan, execute, and communicate red team exercises to simulate cyber threats, identify vulnerabilities, and evaluate security effectiveness.
• Integrate Offensive Security into SDLC by collaborating with development teams to embed security practices, including threat modeling and proactive testing.
• Conduct regular Vulnerability Assessment and Penetration Testing (VAPT) to discover and exploit security flaws, providing detailed findings and recommendations.
• Develop and employ custom tools and techniques for threat simulation, enhancing preparedness against potential attacks.
• Collaborate closely with defensive teams to improve security strategies based on insights from offensive operations.
• Act as a security training expert, contributing to developer training programs and promoting a security-first mindset.
• Stay updated on the latest cybersecurity trends and offensive techniques to ensure our practices remain effective and current.

Required Qualifications:

• Minimum of 5 years of experience in cybersecurity, with a strong focus on red teaming, penetration testing, or similar activities.
• Expertise in multiple offensive security tools and frameworks, especially MITRE ATT&CK and MITRE ATLAS.
• Solid understanding of OWASP top 10s (Web application, API, CI/CD, LLM, and more).
• Proficiency in API security testing and exploitation.
• Strong understanding of the software development lifecycle and application security.
• Solid knowledge of programming/scripting languages;C# and Python knowledge are essential.
• Strong analytical and problem-solving abilities, coupled with a proactive approach to identifying and mitigating security risks and an ability to think like an adversary.
• Team player with a growth mindset.
• Ability to work independently and manage multiple tasks.
• Strong ethical standards and understanding of the legal implications of penetration testing.

Preferred Qualifications:

• Exposure to GenAI/LLM red teamexercise.
• OS security (Windows & Linux); Kubernetes Security; Cloud security – Azure.
• Certifications such as OSCP, OSCE, or similar.
• Knowledge of regulatory compliance and security standards – NIST-CSF.
• Good understanding of NIST SP 800-115, OSSTMM(Open Source Security Testing Manual).
• Experience in DevSecOps practices.
• Knowledge of mobile applications and device security testing (iOS/Android).

What does C.H. Robinson offer you? 

• Contract of employment (umowa o pracę).
• Package of benefits (private medical care - Medicover, sports card, cafeteria system, unlimited access to training platform Percipio and GoFluent, Employee Assistance Program ICAS, language classes with native speakers).
• Cutting-edge workspace in our brand-new, state-of-the-art Studio building, relocating in June 2024. Enjoy exceptional perks including a terrace, intelligent focus spaces, a pool table, a private gym, and many more in a prime location for your career growth.
• Hybrid working model from our Technology office in Warsaw.
• An opportunity to use and develop your language skills in our international work environment.