Junior Red Teamer


Junior Red Teamer


The successfull candidate must be an Australian resident and have a VISA allowing them to work full-time.

Distinguishing Role Characteristics

The role is largely based in conducting state-of-the-art red team exercises and doing directed security research that will contribute significantly to clients. Ethics along with timeliness and an anticipatory vision in seeing beyond the obvious are valuable characteristics of the Junior Consultant who wishes to thrive at Mossé Security, for the purpose of future growth and advancement within our company.

Qualities

Beyond his or her technical skills, the successful applicant should first and foremost be someone who is personable and good-natured, neatly presentable, and efficient. Strong communication skills, both verbal and written, as well as interpersonal skills be considered as best matches with the culture and environment of the Company.

The candidate should also possess work ethics that include dedication and conscientiousness, with a sustained focus to deliver the best outcome to clients and consistently achieve client satisfaction through excellence. An entrepreneurship quality enhances and contributes to the culture within the company, ensuring a thriving environment. Choosing to do the very best of actions on a daily basis becomes actions which send a cultural message to other team members and eventually to the clients. A charismatic nature, consistent and sustained prioritization, and being on top of the game, are all key to making a success of this position.

Essential Duties and Responsibilities

  • Join our Red Team and deliver realistic attack simulations against our customers' networks
  • Contribute to the development of our Red Team Toolkit by rapidly reverse engineering malware samples, and writing offensive security code (primarily in Golang, C, and Python)
  • From time to time, conduct state-of-the-art penetration testing against web applications, network infrastructures, user workstations, network appliances and other really bizarre and intriguing devices and technologies
  • Write in-depth security report detailing your findings, including advisements on how to remediate the vulnerabilities to the client
  • Co-deliver training workshops and presentation to educate our clients on technical IT security

Required Knowledge and Skills

  • Write offensive security software such as: backdoors, keyloggers, password dumpers, spear phishing payloads, and webshells
  • Knowledgeable about the cyber kill-chain, and can demonstrate that he or she can: persist on a machine, escalate privileges, steal credentials and move laterally on other machines
  • Find and exploit vulnerabilities in web applications, network services and enterprise network infrastructures
  • Write in at least two of the following programming languages: C, Golang, Ruby and Python
  • Experienced and knowledgeable in reading Java, C#, C, PHP, Objective C
  • Experienced with databases: MySQL, Postgresql, Oracle
  • Experienced with basic security tools: Burp proxy, Metasploit, Nessus, Kali, and others

Education Profile

Preference will be given to the candidate who has a B.A. in IT Security and be certified by one of the leading security testing training certification such as Offensive Security, furthermore demonstrating a natural talented and gift for computer security.

  • University graduates with diplomas and certifications in technical IT security
  • Consultants possessing between 1 to 3 years of experience doing penetration testing.
  • bx0r 1337 hackers with no diplomas, however possessing 5 years of experience, and demonstrating a portfolio and a strong track record of his/her skills.

Inquiries


Technical Assessment

Challenge Description
Offensive Security Programming Write your own reverse shell with the following functionalities:
  • Resolves proxy settings and beacons back via HTTP/S
  • Executes commands
  • Uploads & downloads files
  • Reads & writes to the Windows registry
Offensive Security Programming Write a Windows DLL, that when loaded by any executable, runs your the reverse shell that you built in the previous exercise. Bonus points will go to applicants who build a reverse shell that can be compiled both at a standalone executable and a DLL.
Defence Evasion Download the latest version of Mimikatz's source code and modify so that it compiles new binaries that bypass anti-virus software. Email us your visual studio solution.
Spear Phishing
  • In notepad.exe, draft two (2) template spear-phishing emails that you think would work against regular employees of a target company
  • Prepare a weaponized HTML application that, when executed by the target, would, resolve proxy settings and download your reverse shell from the Internet

What Will We Assess?
  • Knowledge of OS Internals (Windows)
  • Knowledge of how real cyber attacks are conducted
  • Ability to write offensive security programs without depending on Metasploit
  • Ability to learn quickly and not give-up when confronted with difficult technical challenges

If you have fun solving the technical challenges above, you'll likely love working with us.

Act Now!

To apply to work for this position, please email your curriculum vitae and solutions to the technical assessment to [email protected]. If you succeed the technical assessment, we guarantee you an interview with us within ten (10) days of verifying your submission.