Principal Red Team Engineer
USA - New Jersey - Rahway
Job Description
The Principle Red Team Engineer is a key role within the cybersecurity division, responsible for leading advanced penetration testing and adversarial simulation to assess and enhance the security posture of the organization. This role necessitates a blend of deep technical expertise, strategic thinking, and leadership skills, ensuring that the organization stays ahead of potential cyber threats.
Key Responsibilities
Lead and execute complex red team engagements to simulate real-world cyber-attacks on the organization's infrastructure, applications, and data.
Develop and implement methodologies for comprehensive penetration testing, identifying vulnerabilities and weaknesses in security controls.
Collaborate with blue teams to validate the effectiveness of defensive measures and improve detection and response capabilities.
Lead purple team exercises to integrate red and blue team activities, enhancing overall security effectiveness.
Utilize threat intelligence to inform red team activities, ensuring simulations reflect current and emerging threat landscapes.
Lead attack path mapping for threat modeling to identify, assess, and prioritize potential cyber threats and vulnerabilities.
Produce detailed reports and presentations that articulate findings, vulnerabilities, and potential impacts to technical and non-technical stakeholders.
Recommend actionable remediation strategies to mitigate identified vulnerabilities and improve overall security posture.
Document red team methodologies, tools, and processes for knowledge sharing and continuous improvement.
Mentor and train junior red team members, fostering a culture of continuous learning and professional development.
Qualifications:
Required Education and Experience:
Bachelor's degree in Computer Science, Information Security, or a related field.
Minimum of 5 years of experience in cybersecurity and red team roles.
Proven track record of leading and executing complex red team engagements.
Individuals within a commutable distance (50 miles or less) to Rahway, NJ office location will be required to work hybrid schedule (3 days per week in office).
Technical Skills:
Deep understanding of network protocols, operating systems, and security architectures.
Proficiency in penetration testing tools and frameworks such as Metasploit, Burp Suite, and Cobalt Strike.
Experience with scripting and programming languages such as Python, PowerShell, and Bash.
Knowledge of threat modeling, vulnerability assessment, and risk management practices.
Certifications:
Relevant industry certifications such as OSCP, OSCE, OSEP, CISSP, or GPEN preferred.
Continuous professional development through participation in cybersecurity training and conferences.
Current Employees apply HERE
Current Contingent Workers apply HERE
US and Puerto Rico Residents Only:
Our company is committed to inclusion, ensuring that candidates can engage in a hiring process that exhibits their true capabilities. Please click here if you need an accommodation during the application or hiring process.
We are an Equal Opportunity Employer, committed to fostering an inclusive and diverse workplace. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status, or other applicable legally protected characteristics. For more information about personal rights under the U.S. Equal Opportunity Employment laws, visit:
Pay Transparency Nondiscrimination
We are proud to be a company that embraces the value of bringing diverse, talented, and committed people together. The fastest way to breakthrough innovation is when diverse ideas come together in an inclusive environment. We encourage our colleagues to respectfully challenge one another’s thinking and approach problems collectively.
Learn more about your rights, including under California, Colorado and other US State Acts
U.S. Hybrid Work Model
Effective September 5, 2023, employees in office-based positions in the U.S. will be working a Hybrid work consisting of three total days on-site per week, Monday - Thursday, although the specific days may vary by site or organization, with Friday designated as a remote-working day, unless business critical tasks require an on-site presence.This Hybrid work model does not apply to, and daily in-person attendance is required for, field-based positions; facility-based, manufacturing-based, or research-based positions where the work to be performed is located at a Company site; positions covered by a collective-bargaining agreement (unless the agreement provides for hybrid work); or any other position for which the Company has determined the job requirements cannot be reasonably met working remotely. Please note, this Hybrid work model guidance also does not apply to roles that have been designated as “remote”.
The Company is required to provide a reasonable estimate of the salary range for this job in certain states and cities within the United States. Final determinations with respect to salary will take into account a number of factors, which may include, but not be limited to the primary work location and the chosen candidate’s relevant skills, experience, and education.
Expected US salary range:
$135,500.00 - $213,400.00Available benefits include bonus eligibility, long term incentive if applicable, health care and other insurance benefits (for employee and family), retirement benefits, paid holidays, vacation, and sick days. A summary of benefits is listed here.
San Francisco Residents Only: We will consider qualified applicants with arrest and conviction records for employment in compliance with the San Francisco Fair Chance Ordinance
Los Angeles Residents Only: We will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws, including the City of Los Angeles’ Fair Chance Initiative for Hiring Ordinance
Search Firm Representatives Please Read Carefully
Merck & Co., Inc., Rahway, NJ, USA, also known as Merck Sharp & Dohme LLC, Rahway, NJ, USA, does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for this position will be deemed the sole property of our company. No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails.
Employee Status:
RegularRelocation:
DomesticVISA Sponsorship:
NoTravel Requirements:
10%Flexible Work Arrangements:
HybridShift:
1st - DayValid Driving License:
NoHazardous Material(s):
n/aJob Posting End Date:
12/2/2024*A job posting is effective until 11:59:59PM on the day BEFORE the listed job posting end date. Please ensure you apply to a job posting no later than the day BEFORE the job posting end date.
ApplyJob Profile
Commutable distance of 50 miles to Rahway, NJ Hybrid Hybrid schedule Hybrid schedule 3 days in office Hybrid work Hybrid work model On-site Puerto Rico residents only US and Puerto Rico residents only
Benefits/PerksBonus eligibility Continuous learning Continuous professional development Diverse workplace Equal opportunity employer Flexible work Flexible work arrangements Health Care Hybrid work Hybrid work model Hybrid work schedule Inclusion Inclusive environment Inclusive workplace Insurance Paid holidays Professional development Professional development opportunities Retirement benefits Sick Days Vacation
Tasks- Attack path mapping
- Collaborate with blue teams
- Compliance
- Develop penetration testing methodologies
- Innovation
- Knowledge sharing
- Leadership
- Lead purple team exercises
- Lead red team engagements
- Mentor junior team members
- Produce reports
- Recommend remediation strategies
- Risk Management
- Utilize threat intelligence
Adversarial simulation Assessment Bash Burp Suite Cobalt Strike Compliance Computer Computer Science Continuous Improvement Continuous Learning Cybersecurity Data Development Education Inclusion Information security Infrastructure Innovation Knowledge Sharing Leadership Learning Management Manufacturing Metasploit Methodologies Modeling Network protocols Operating Systems Organization Penetration Testing PowerShell Programming Python Research Risk Management Science Scripting Security architectures Security Controls Simulation Strategic Thinking Teams Technical Technical Expertise Testing Threat Intelligence Threat modeling Training Vulnerability assessment
Experience5 years
EducationAS Bachelor Bachelor's Bachelor's degree Bachelor's degree in Computer Science Business Computer Science Health Care Information Security Management Related Field Science
CertificationsCISSP GPEN Information security OSCE OSCP OSEP
TimezonesAmerica/Anchorage America/Chicago America/Denver America/Los_Angeles America/New_York Pacific/Honolulu UTC-10 UTC-5 UTC-6 UTC-7 UTC-8 UTC-9