Red Team Operator - Kuala Lumpur, Malaysia - Aveva

Aveva

Verified Company

Kuala Lumpur, Malaysia

1 week ago

Posted by:

Siti Tan

beBee Recruiter

Description

AVEVA is a global leader in industrial software.

Our cutting-edge solutions are used by thousands of enterprises to deliver the essentials of life - such as energy, infrastructure, chemicals and minerals - safely, efficiently and more sustainably.

We're the first software business in the world to have our sustainability targets validated by the SBTi, and we've been recognized for the transparency and ambition of our commitment to diversity, equity, and inclusion.

We've also recently been named as one of the world's most innovative companies.

With a goal to further mature the red teaming capabilities (types of services, way of delivery, automation and customization required per environment etc), the Red Team Operator, under the guidance of Red Team Specialist and Manager, will keep on top of the constant changing knowledge of threat actors' tactics, techniques, and procedures to bring realistic and meaningful solutions to AVEVA.

Working with wider AVEVA security teams, blue teams, and other business stakeholders of AVEVA to help them utilize Red Team findings and outcomes of the offensive activities to better defend and mature AVEVA security stance.

Primary Duties- Assist Red Team Specialist to perform Red Team engagements and operation.- Assist Red Team Specialist to execute full-spectrum attack simulations (technology, social, physical).- Perform research to identify novel attack paths for ongoing and future Red Team engagements.- Research trends with regards to adversary tactics, techniques, and procedures, targeting, malware development and implementation.- Support Red Team Specialist with network/infrastructure design and maintenance for Red Team engagements.- Assist with automation of infrastructure and tool development.- Participate in ongoing interactive Purple Team activities through use of tools and manual testing.- Support Red Team Specialist to automate attack techniques, creating custom tooling for specific operations and contributing to general-purpose open-source tools- Write detailed reports covering the goals and outcomes of Red Team operations, including significant observations and recommendations.- Develop and maintain Red Team reporting dashboard for senior management team.- Collaborate with AVEVA's Cyber Security Response Team to improve detection and response capabilities.- Collaborate with AVEVA's Security Operation Team to propose defensive improvements to AVEVA's environments.- Collaborate with AVEVA's Security Compliance teams to propose process and policy enhancements and additions.- Collaborate with AVEVA's Vulnerability Management Team to prioritize remediation, mitigation, and exploitable vulnerability findings & severity.- Collaborate with AVEVA's Cyber Threat Intelligence & Hunting Team to provide an adversarial perspective input and prioritize ongoing and future Red Team engagements.- Collaborate with AVEVA's Security Awareness and Culture team to communicate information security policies, processes, and procedures across the business.- Create and maintain AVEVA Red Team documents to ensure these align with AVEVA Red Team vision and maturity plan.- Reports to Red Team Manager concerning Red Team area, security events & trends, residual risk, vulnerabilities, and other security exposures.

Additional Duties

Under the guidance of Red Team Manager:

Assist Cyber Security Response Team and Security Awareness Analyst with regular Phishing campaigns to help educate employees, consultants and contractors working for AVEVA based upon Incident data to target risky user groups.
Support Red Team Specialist on research and assess new threats intelligence and security alerts and tailor Red Team engagements accordingly in concoction with the vulnerability management team.
Improve AVEVA's Red Team service procedures and red team playbooks.
Support Red Team Specialist to assist with control improvements, identifying control weaknesses and contributes to vulnerability advisories.
Maintain awareness of applicable regulatory standards, upstream risks, and industry leading security practices.
Provide feedback and recommendations on existing and new security tools and techniques for the improvement of analysis, incident investigation and security controls.
Assist on reviewing and on-boarding of Red Team technologies and tools.
Contributes through security advisories, blogs, and other communication channels on current and emerging security threats to AVEVA assets and people via the security awareness programme.

Qualifications/Experience

Educational Qualifications

Minimum 5 years experience in at least three (3) of the following:
Red team operation and engagement
Network penetration testing and manipulation of network infrastructure-
API Security Testing-
Shell scripting or automation of simple tasks using Perl, Python, or Ruby
Developing, extending, or modifying exploits, shellcode using offensive tools i.e Pentesting Framework, Cobalt Strike, Core