Principle Red Team Engineer

Job Description

The Principle Red Team Engineer is a key role within the cybersecurity division, responsible for leading advanced penetration testing and adversarial simulation to assess and enhance the security posture of the organization. This role necessitates a blend of deep technical expertise, strategic thinking, and leadership skills, ensuring that the organization stays ahead of potential cyber threats.

Key Responsibilities

• Lead and execute complex red team engagements to simulate real-world cyber-attacks on the organization's infrastructure, applications, and data.
• Develop and implement methodologies for comprehensive penetration testing, identifying vulnerabilities and weaknesses in security controls.
• Collaborate with blue teams to validate the effectiveness of defensive measures and improve detection and response capabilities.
• Lead purple team exercises to integrate red and blue team activities, enhancing overall security effectiveness.
• Utilize threat intelligence to inform red team activities, ensuring simulations reflect current and emerging threat landscapes.
• Lead attack path mapping for threat modeling to identify, assess, and prioritize potential cyber threats and vulnerabilities.
• Produce detailed reports and presentations that articulate findings, vulnerabilities, and potential impacts to technical and non-technical stakeholders.
• Recommend actionable remediation strategies to mitigate identified vulnerabilities and improve overall security posture.
• Document red team methodologies, tools, and processes for knowledge sharing and continuous improvement.
• Mentor and train junior red team members, fostering a culture of continuous learning and professional development.

Qualifications

Education and Experience

• Bachelor's degree in Computer Science, Information Security, or a related field.
• Minimum of 5 years of experience in cybersecurity and red team roles.
• Proven track record of leading and executing complex red team engagements.

Technical Skills

• Deep understanding of network protocols, operating systems, and security architectures.
• Proficiency in penetration testing tools and frameworks such as Metasploit, Burp Suite, and Cobalt Strike.
• Experience with scripting and programming languages such as Python, PowerShell, and Bash.
• Knowledge of threat modeling, vulnerability assessment, and risk management practices.

Certifications

• Relevant industry certifications such as OSCP, OSCE, OSEP, CISSP, or GPEN.
• Continuous professional development through participation in cybersecurity training and conferences.

Current Employees apply HERE

Current Contingent Workers apply HERE

Search Firm Representatives Please Read Carefully 
Merck & Co., Inc., Rahway, NJ, USA, also known as Merck Sharp & Dohme LLC, Rahway, NJ, USA, does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for this position will be deemed the sole property of our company.  No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails. 

Employee Status:

Relocation:

VISA Sponsorship:

Travel Requirements:

Flexible Work Arrangements:

Shift:

Valid Driving License:

Hazardous Material(s):

Job Posting End Date:

*A job posting is effective until 11:59:59PM on the day BEFORE the listed job posting end date. Please ensure you apply to a job posting no later than the day BEFORE the job posting end date.