Red Team Operator

AVEVA is a global leader in industrial software. Our cutting-edge solutions are used by thousands of enterprises to deliver the essentials of life – such as energy, infrastructure, chemicals and minerals – safely, efficiently and more sustainably.

We’re the first software business in the world to have our sustainability targets validated by the SBTi, and we’ve been recognized for the transparency and ambition of our commitment to diversity, equity, and inclusion. We’ve also recently been named as one of the world’s most innovative companies.

If you’re a curious and collaborative person who wants to make a big impact through technology, then we want to hear from you! Find out more at AVEVA Careers.

For more information about our privacy policy and how to manage cookies, visit our Privacy Policy.

The Red Team operator will have experience in conducting offensive security assessments, penetration testing, and red teaming exercises to identify vulnerabilities in our AVEVA's systems, networks, and applications. As a Red Team Operator, he/she will be responsible for working with the Red Team Security Manager to simulate realistic cyberattacks in controlled environment and systems, identify vulnerabilities, and help to improve overall security posture.

With a goal to further mature the red teaming capabilities (types of services, way of delivery, automation and customization required per environment etc), the Red Team Operator, under the guidance of Red Team Security Manager, will keep on top of the constant changing knowledge of threat actors’ tactics, techniques, and procedures to bring realistic and meaningful solutions to AVEVA. Working with wider AVEVA security teams, blue teams, and other business stakeholders of AVEVA to help them utilize Red Team findings and outcomes of the offensive activities to better defend and mature AVEVA security stance.

Roles and Responsibilities:Primary Duties

• Assist Red Team Security Manager to perform Red Team engagements and operation.

• Assist Red Team Security Manager to execute full-spectrum attack simulations (technology, social, physical).

• Perform research to identify novel attack paths for ongoing and future Red Team engagements.

• Research trends with regards to adversary tactics, techniques, and procedures, targeting, malware development and implementation.

• Support Red Team Security Manager with network/infrastructure design and maintenance for Red Team engagements.

• Assist with automation of infrastructure and tool development.

• Participate in ongoing interactive Purple Team activities through use of tools and manual testing.

• Support Red Team Security Manager to automate attack techniques, creating custom tooling for specific operations and contributing to general-purpose open-source tools

• Write detailed reports covering the goals and outcomes of Red Team operations, including significant observations and recommendations.

• Collaborate with AVEVA’s Cyber Security Response Team to improve detection and response capabilities.

• Collaborate with AVEVA's Security Operation Team to propose defensive improvements to AVEVA’s environments.

• Collaborate with AVEVA’s Security Compliance teams to propose process and policy enhancements and additions.

• Collaborate with AVEVA’s Vulnerability Management Team to prioritize remediation, mitigation, and exploitable vulnerability findings & severity.

• Collaborate with AVEVA’s Cyber Threat Intelligence & Hunting Team to provide an adversarial perspective input and prioritize ongoing and future Red Team engagements.

• Collaborate with AVEVA’s Security Awareness and Culture team to communicate information security policies, processes, and procedures across the business.

• Create and maintain AVEVA Red Team documents to ensure these align with AVEVA Red Team vision and maturity plan.

• Reports to Red Team Security Manager concerning Red Team area, security events & trends, residual risk, vulnerabilities, and other security exposures.

Additional Duties

• Assist Cyber Security Response Team and Security Awareness Analyst with regular Phishing campaigns to help educate employees, consultants and contractors working for AVEVA based upon Incident data to target risky user groups.

• Support Red Team Security Manager on research and assess new threats intelligence and security alerts and tailor Red Team engagements accordingly in concoction with the vulnerability management team.

• Improve AVEVA’s Red Team service procedures and red team playbooks.

• Support Red Team Security Manager to assist with control improvements, identifying control weaknesses and contributes to vulnerability advisories.

• Maintain awareness of applicable regulatory standards, upstream risks, and industry leading security practices.

• Provide feedback and recommendations on existing and new security tools and techniques for the improvement of analysis, incident investigation and security controls.

• Assist on reviewing and onboarding of Red Team technologies and tools.

• Contributes through security advisories, blogs, and other communication channels on current and emerging security threats to AVEVA assets and people via the security awareness programme.

Educational Qualifications

Minimum 5 years' experience in at least three (3) of the following:

• Red team operation and engagement

• Network penetration testing and manipulation of network infrastructure

• Mobile and/or web application assessments

• API Security Testing

• Email, phone, or physical social-engineering assessments

• Shell scripting or automation of simple tasks using Perl, Python, or Ruby

• Developing, extending, or modifying exploits, shellcode using offensive tools i.e Pentesting Framework, Cobalt Strike, Core Impact, Burp, etc.

• Reverse engineering malware, data obfuscators, or ciphers

• Source code review for control flow and security flaws

• Application security review and testing

• Security risk assessment

AVEVA requires all successful applicants to undergo and pass a comprehensive background check before they start employment. Background checks will be conducted in accordance with local laws and may, subject to those laws, include proof of educational attainment, employment history verification, proof of work authorization, criminal records, identity verification, credit check. Certain positions dealing with sensitive and/or third party personal data may involve additional background check criteria.

AVEVA is an Equal Opportunity Employer. We are committed to being an exemplary employer with an inclusive culture, developing a workplace environment where all our employees are treated with dignity and respect. We value diversity and the expertise that people from different backgrounds bring to our business.
 
Come and join AVEVA to create the transformative technology that enables our customers to engineer a better world.