Junior Red Teamer


Junior Red Teamer


The successfull candidate must be an Australian resident and have a VISA allowing them to work full-time.

Role Characteristics

The role is largely based in conducting state-of-the-art red team exercises and doing directed security research that will contribute significantly to clients. Ethics along with timeliness and an anticipatory vision in seeing beyond the obvious are valuable characteristics of the Junior Consultant who wishes to thrive at Mossé Security, for the purpose of future growth and advancement within our company.

Essential Duties and Responsibilities

  • Join our Red Team and deliver realistic attack simulations against our customers' networks
  • Contribute to the development of our Red Team Toolkit by rapidly reverse engineering malware samples, and writing offensive security code (primarily in Golang, C, and Python)
  • From time to time, conduct state-of-the-art penetration testing against web applications, network infrastructures, user workstations, network appliances and other really bizarre and intriguing devices and technologies
  • Write in-depth security report detailing your findings, including advisements on how to remediate the vulnerabilities to the client
  • Co-deliver training workshops and presentation to educate our clients on technical IT security

Required Knowledge and Skills

  • Write offensive security software such as: backdoors, keyloggers, password dumpers, spear phishing payloads, and webshells
  • Knowledgeable about the cyber kill-chain, and can demonstrate that he or she can: persist on a machine, escalate privileges, steal credentials and move laterally on other machines
  • Find and exploit vulnerabilities in web applications, network services and enterprise network infrastructures
  • Write in at least two of the following programming languages: C, Golang, Ruby and Python
  • Experienced and knowledgeable in reading Java, C#, C, PHP, Objective C
  • Experienced with databases: MySQL, Postgresql, Oracle
  • Experienced with basic security tools: Burp proxy, Metasploit, Nessus, Kali, and others

Education

Preference will be given to candidates who hideally have a B.A. in IT Security. As well as, competent programmers, or 1337 hackers, with no diplomas, however demonstrating a portfolio and a strong track record of their skills.

Qualities

Beyond his or her technical skills, the successful applicant must possess work ethics that include dedication and consciensciousness. Strong communication skills, both verbal and written, as well as interpersonal skills are considered as best matches with the culture and environment of the Company.

Inquiries


Technical Assessment

Challenge Description
Offensive Security Programming Write your own reverse shell with the following functionalities:
  • Resolves proxy settings and beacons back via HTTP/S
  • Executes commands
  • Uploads & downloads files
  • Reads & writes to the Windows registry
Offensive Security Programming Write a Windows DLL, that when loaded by any executable, runs your the reverse shell that you built in the previous exercise. Bonus points will go to applicants who build a reverse shell that can be compiled both at a standalone executable and a DLL.
Defence Evasion Download the latest version of Mimikatz's source code and modify so that it compiles new binaries that bypass anti-virus software. Email us your visual studio solution.
Spear Phishing
  • In notepad.exe, draft two (2) template spear-phishing emails that you think would work against regular employees of a target company
  • Prepare a weaponized HTML application that, when executed by the target, would, resolve proxy settings and download your reverse shell from the Internet

What Will We Assess?
  • Knowledge of OS Internals (Windows)
  • Knowledge of how real cyber attacks are conducted
  • Ability to write offensive security programs without depending on Metasploit
  • Ability to learn quickly and not give-up when confronted with difficult technical challenges

If you have fun solving the technical challenges above, you'll likely love working with us.

Act Now!

To apply to work for this position, please email your curriculum vitae and solutions to the technical assessment to [email protected]. If you succeed the technical assessment, we guarantee you an interview with us within ten (10) days of verifying your submission.