Truist Red Team Operator in Charlotte, North Carolina
Req ID: R0046622
The position is described below. If you want to apply, click the Apply button at the top or bottom of this page. You'll be required to create an account or sign in to an existing one.
If you have a disability and need assistance with the application, you can request a reasonable accommodation. Send an email toAccessibilityor call 877-891-2510 (accommodation requests only; other inquiries won't receive a response).
Regular or Temporary:
Language Fluency: English (Required)
1st shift (United States of America)
Please review the following job description:
The Truist Red Team conducts full spectrum adversary emulations in order to identify risk and assess the efficacy of controls from the perspective of real-world threat actors. Red Team findings and recommendations have an immediate and direct contribution to the defensive posture of the bank and the security of its customers.
The Red Team Operator will identify risk in the Truist environment through:
• Network Penetration Testing
• Web Application Penetration Testing
• Wireless Penetration Testing
• Social Engineering
• Physical Penetration Testing
As a result, the Red Team Operator will:
Have demonstrated experience conducting black box red teaming or penetration testing
Have proficiency with penetration testing tools, suites, and frameworks such as Cobalt Strike (Kits included), BurpSuite/OWASP Zap, Metasploit, Nessus, Nmap.
Have demonstrated experience with Python, JS, VBA, Bash, batch, Assembly, C/C++, Go, .Net, Java, or custom C2/implant development
Possess a strong foundational knowledge of networking, protocols, operating systems, active directory, git, Win32 API’s, and web applications
Possess a strong foundational knowledge of network controls (AV, EDR, WAF, etc.) as well as evasion strategies and techniques
Possess a foundational knowledge of up-to-date offensive/C2 infrastructure design and development
Have demonstrated experience documenting findings and remediation recommendations in a manner understandable to both technical and non-technical stakeholders
Be able to communicate findings and remediation recommendations to technical and non-technical stakeholders in a professional and articulate manner
Demonstrated experience of cloud-based architectures including Azure and AWS
Demonstrated experience conducting cloud penetration testing
Demonstrated experience developing or modifying existing exploits, shellcode, or offensive tools
Financial service industry experience
Desired Certifications: OSCP, OSEP, GPEN, GWAPT, eCPPT, eWAPT, CRTO, PNPT, etc.
Desired Education: High School Diploma, Bachelor’s Degree, Master’s Degree
Truist supports a diverse workforce and is an Equal Opportunity Employer who does not discriminate against individuals on the basis of race, gender, color, religion, national origin, age, sexual orientation, gender identity, disability, veteran status or other classification protected by law. Drug Free Workplace.
Thank you for your interest in Truist! BB&T and SunTrust have come together in a transformational merger of equals to create Truist, the premier financial organization in the country. You may notice references to our legacy company names, BB&T and SunTrust, in places throughout this site. All such references should be understood to refer to Truist moving forward while we continue to transition to the Truist name.
EEO is the Law Pay Transparency Nondiscrimination Provision E-Verify
© 2017 SunTrust Banks, Inc. All rights reserved.
SunTrust is federally registered service marks of SunTrust Banks, Inc.