Assistant Lead Engineer - Red Team (Risk & Control Assurance)

Position Overview

The Synapxe Red Teaming simulates real-world cyber attacks and conducts advance security testing with the objective to strengthen our public healthcare cybersecurity posture.

As a member of Synapxe Red Teaming, you will be responsible for carrying out adversarial attack simulation exercises (i.e. red and purple teaming exercises), and proactive offensive security testing on the IT assets in public healthcare by simulating the Tactics, Techniques and Procedures (TTPs) used by real-world sophisticated Advanced Persistent Threat (APT) actors.

You will research on APT actors’ new TTP and develop new attack modus operandi that includes development and modification of exploits for red and purple teaming exercises and other security testing engagements.

Role & Responsibilities

• Plan and conduct adversarial attack simulation exercises and other security testing to test and validate the effectiveness of public healthcare’s cyber defence and response plan against prevalent cyber threats.
• Lead security testing engagements and assist other team members in carrying out adversarial attack simulation exercises and security testing engagements.
• Conduct purple teaming exercises in collaboration with blue teams such as SOC, IR, infra, and other security teams.
• Conduct security testing on new products that could be used in public healthcare.
• Constantly keep up with the latest TTPs used by APT actors.
• Research, modify and test exploits for preparation of adversarial attack simulation exercises and other security testing.
• Review the risk of technical reports conducted by the team or 3rd parties to determine severity of the findings and recommend mitigating controls.
• Document all research and testing results and conduct regular knowledge sharing session with the team.
• Manage and expand the attack infrastructure and testing environment.

Requirements

• At least a Bachelor degree in cybersecurity, IT, computer science, engineering or equivalent.
• 5 or more years of cybersecurity experience, including at least 4 years in penetration testing and/or adversarial attack simulation exercises.
• Experience in setting and managing attack and testing infrastructure in both cloud and on-premises.
• Experience in developing and modifying exploit codes or testing tools, and possess good knowledge in programming and scripting languages such as C/C++, C#, Java, Python.  Experience in reverse engineering will be advantageous.
• Experience in security solution architecting and implementation of using AI in adversarial attack simulation exercises or security testing will be advantageous.
• Strong interpersonal skills with the ability to communicate with internal and external stakeholders including explaining technical concepts to non-technical audiences.
• Ability to work independently with minimal supervision and a good team player to succeed as a team.
• Possess the “can do” attitude and “think out of the box” mindset.
• Familiarity with the cyber kill chain methodology, MITRE ATT&CK Framework, NIST Cybersecurity Framework (CSF), etc.
• Relevant professional certifications in cybersecurity will be advantageous.  For example, OSCP, SANS GIAC, CISSP, etc.

Apply Now

NOTE: It only takes a few minutes to apply for a meaningful career in HealthTech - GO FOR IT!!