Managed Red Team Operator, X-Force Adversary Services
Company
IBM
Location
US New York
Type
Full Time
Job Description
At X-Force, we help defenders continuously assess their real-world security. The X-Force Adversary Services team provides both traditional ad-hoc sophisticated red team exercises and continuous managed red teaming augmented by automation. As part of the X-Force Managed Red Team, you’ll perform focused manual red team exercises for customers and oversee tasking and targeting automations via our attack platform to provide a continuous red team experience designed to mirror today’s adversaries, not yesterday’s threats. We partner with security teams to help them understand the art of the possible by delivering an unrivaled attack experience at scale.
Your Role and Responsibilities
Have you ever been chomping at the bit to throw an amazing 0-day but you have to wait for the tooling to be stable enough to make it work? Have you ever been rushing to rapidly leverage an n-day disclosure because you’re certain you’re going to lose the only toehold you have and you need another point of presence? Do you know what it feels like to be the worst hacker worst hacker worst hacker worst hacker BEST HACKER EVER worst hacker worst hacker worst hacker? Yeah. Us too.
At IBM, we help defenders continuously assess their real-world security. Our managed red team offering provides an experience designed to mirror today’s adversaries, not yesterday’s threats. We partner with security teams to help them understand the art of the possible by delivering an unrivaled attack experience at scale.
As a Managed Red Team Operator within the Targeted Operations group, you’ll be part of the IBM X-Force Adversary Services team. Our managed red team program leverages cutting-edge X-Force methodologies and sophisticated capabilities on top of an Attack Platform that combines automation and manual red teaming to help customers improve their security programs. You’ll be responsible for inventing clever new ways of breaching customer networks and bypassing security controls, and then you’ll work with our offensive engineers, researchers and developers to drive those innovations throughout our toolset and across our customers. The work is frenetic but has a tremendous impact on our customers and the security market as a whole.
Simulating sophisticated threat actors takes industry-leading offensive research, advanced capabilities and mature methodology. We believe offensive research is essential to both simulating various sophistication levels of threat actors and enabling defenders to better understand, defend against and respond to attacks. IBM’s X-Force Adversary Services team is considered the top team in the industry because we leverage Continuous Capability Development and Delivery (C2D2) to drive research and new tools, develop mature Standard Operation Procedures (SOPs), and ensure all operators are delivering red team exercises to the highest technical standards. We leverage automation and AI in targeting, tasking and analysis to free up our human operators to solve the more interesting challenges of hacking the world’s largest banks, defense contractors and critical industries.
We are looking for individuals who are driven, proactive, thorough and forward-looking, and who most of all know what’s needed to be part of an effective team.
Responsibilities of the Role:
- Grit. Grind. Motivation.
- Solving problems that do not have known solutions
- Discover, identify and exploit vulnerable systems
- Plan and execute network operations against customer infrastructure
- Develop and prototype novel capabilities and techniques
- Research threats, vulnerabilities and exploit techniques
- Debug exploits and related infrastructure
- Provide guidance and offense-related insights throughout IBM
Competencies required:
- Strong written and verbal communication skills in English
- Experience with offensive tooling and frameworks
- Experience modifying dotnet tooling to evade detection
- Experience with system-level debugging
- Ability to quickly configure test infrastructure
- Experience working with enterprise environments
- Experience with network or systems administration
Required Technical and Professional Expertise
- 5+ years of offense-related industry experience.
- Ability to develop/modify exploits and payloads to avoid defensive countermeasures.
- Understanding of real-world adversary operations, methodologies, tactics, techniques and procedures. In particular, the ability to apply frameworks (e.g. MITRE ATT&CK™) in client engagements.
- Experience evading antivirus, egress filtering and application allow listing.
- Experience with breaching external networks and cloud environments targeting Entera.
- Experience with several programming languages (Python, C/C#/C++, Go).
- Ability to quickly configure test infrastructure.
- Experience working with C and various compiler toolchains.
Preferred Technical and Professional Expertise
- BA/BS in an Infosec related major or commensurate practical experience.
- History of presenting at security conferences.
- Track record in vulnerability research and CVE assignments.
- Knowledge of Windows APIs.
- Knowledge of EDR detection capabilities such as Carbon Black, CrowdStrike, etc., and associated evasion techniques for behavioral-based alerting.
- Demonstrated exploit payload or attack framework development experience.
- Expert-level knowledge of Linux internals, Active Directory, Mac, Windows workstations and servers, or Software Development.
- Relevant certifications from organizations like Offensive Security’s OSCE, SANS’ GXPN or CREST’s CSAT/CSAM, or demonstrable equivalent skills.
- Prior security consulting experience
Date Posted
03/08/2024