Security Professional

Job Title: HCL BigFix Red Team Leader

Exp - 8+ Yrs.

About HCLSoftware

HCLSoftware, a division of HCLTech, develops, markets, sells, and supports transformative solutions across business and industry, intelligent operations, total experience, data and analytics, and cybersecurity. We empower over 20,000 global organizations, including a majority of the Fortune 100 and almost half of the Fortune 500, committed to driving customer success through relentless innovation.

Website

https://www.hcl-software.com/

Summary:

The Red Team Leader is responsible for leading and mentoring a team of security professionals in the execution of offensive security assessments, penetration testing, and red team exercises. This role requires a deep understanding of attack methodologies, vulnerability research, and security best practices, as well as strong leadership and communication skills. The Red Team Leader will play a crucial role in improving the organization's security posture by identifying weaknesses and providing actionable recommendations.

Responsibilities:

• Leadership & Mentorship: Lead, mentor, and develop a high-performing red team, fostering a culture of continuous learning and improvement. This includes performance reviews, training recommendations, and career development guidance.
• Planning & Execution: Plan, scope, and execute complex red team exercises, penetration tests, and vulnerability assessments, simulating real-world attacks to identify security weaknesses.
• Methodology & Tooling: Develop and maintain red team methodologies, tools, and infrastructure. Research and evaluate new attack techniques and tools to stay ahead of evolving threats.
• Reporting & Communication: Prepare and deliver clear, concise, and actionable reports to management and technical teams, outlining identified vulnerabilities, risks, and remediation recommendations. Effectively communicate complex technical issues to both technical and non-technical audiences.
• Collaboration: Collaborate closely with blue teams, incident response teams, and other security stakeholders to improve the organization's overall security posture. Facilitate knowledge sharing and cross-training.
• Vulnerability Research: Conduct vulnerability research and exploit development to identify zero-day vulnerabilities and develop proof-of-concept exploits. (Sometimes a separate role, but often expected of senior red team members/leaders)
• Threat Intelligence: Stay up-to-date with the latest threat intelligence, attack techniques, and security vulnerabilities to ensure red team exercises are realistic and relevant.
• Process Improvement: Continuously improve red team processes, methodologies, and reporting to maximize effectiveness and efficiency.
• Compliance: Ensure all red team activities are conducted within legal and ethical boundaries, adhering to relevant industry regulations and compliance standards.

Qualifications:

• Education: Bachelor's degree in Computer Science, Information Security, or a related field preferred. Relevant certifications (e.g., OSCP, OSCE, GPEN, CEH) are highly desirable.
• Experience: Extensive experience (typically 5+ years) in penetration testing, red teaming, and offensive security. Demonstrated leadership experience.Experience in HCL BigFix is beneficial, but not required.
• Technical Skills: Deep understanding of network protocols, operating systems, web applications, and security tools. Proficiency in scripting languages (e.g., Python, Bash) and penetration testing frameworks (e.g., Metasploit, Cobalt Strike). Experience with various attack techniques (e.g., social engineering, phishing, exploit development).
• Soft Skills: Excellent communication, interpersonal, and leadership skills. Ability to work effectively in a team environment. Strong analytical and problem-solving skills.
• Mindset: A strong attacker mindset with a passion for security and a drive to find vulnerabilities. Ethical and professional conduct.

Preferred Qualifications:

• Experience in large scale enterprise software development.
• Experience with cloud security assessments.
• Knowledge of security architecture and design.