Position Purpose:

The Home Depot (THD) Red Team is looking for an experienced cybersecurity researcher to lead offensive security R&D initiatives supporting full-scope attack simulations, penetration tests, and other responsibilities under the Red Team's purview. This role falls under the Security Operation Center (SOC) and serves as a subject matter expert in researching, developing, and weaponizing OPSEC-safe TTPs, payload generation, vulnerability hunting, exploit development, and data exfiltration, as well as tool and capability development. A Lead Red Team Researcher will utilize their advanced knowledge in offensive security and closely partner and collaborate with Red Team Operators to solve complex challenges and assist as needed to drive engagements to a successful conclusion while capturing all goals and objectives. Additionally, a Lead Red Team Researcher will inspire other team members to "try harder," foster a collaborative environment, and find opportunities to mentor and share skillset knowledge.Role Description

• Collaborate with Red Team Operators to support offensive security engagements through R&D.

• Solid experience with researching, developing and weaponizing OPSEC-safe offensive security TTPs, including data exfiltration, lateral movement, privilege escalation, "living off the land," and data exfiltration.

• Ability to develop custom tools and tradecraft to automate tasks and increase the team's capabilities.

• Strong foundation with GitHub, Git protocol, and development lifecycle.

• Detailed understanding of Red Team concepts and adversarial tradecraft within networking; web application; Windows, macOS, Linux endpoints; and cloud.

• Proficient in vulnerability analysis, fuzzing, reverse engineering, and exploit development.

• Experience executing full-scope attack simulations, penetration tests, and web application assessments against enterprise IT environments.

• Capable of developing OPSEC-safe payloads.

• Fluent in C or C++, Assembly (i.e., x86/x64 and ARM/ARM64), C#, .NET, and scripting languages like Python, Bash, and PowerShell.

• Extensive knowledge of operating systems internals, including Windows and Linux.

• Experience developing user mode or kernel mode exploits on Windows.

• Proficient with reverse engineering using tools such as WinDBG, GDB, IDA Pro, Binary Ninja, and Ghidra.

• Comprehensive knowledge of different bug classes and offensive exploitation techniques.

• Comprehensive knowledge of bypassing endpoint security controls to include EDR, DLP, and AV.

• Familiarity with MITRE ATT&CK Framework and its application.

• Strong understanding of the Penetration Testing Execution Standard (PTES).

• Executive presence, strong ability to communicate upward and to peers, and presenting technical subjects to non-technical audiences.

Must Have's

• 3-5 years of offensive security experience

• Strong technical reporting and documentation skills

• Project management experience and ability to delegate

• Proven track record of mentoring team members

• Passionate about solving complex challenges

• Experience working across multiple lines of business in a corporate function

• Collaborative mindset and a team player

• Subject matter expert in TTP research and development

• Proven track record of developing offensive security tools and solutions

• Demonstrates good organizational and multi-tasking capabilities

• Ability to innovate and think outside the box

• In-depth understanding of security threats affecting the retail sector

• Proficient in programming

• Capable of source code review

• Confidence in presenting research output and providing instruction

• History of public GitHub or other code repository commits

• Published CVEs

Nice to Have's

• Certifications in offensive security (OSCP, OSWP, OSEP, OSCE, OSWA, OSWE) and other areas of IT

• Experience with providing incident response support

• Professional development background

• Active in the security community, contributes to open-source projects, and experience presenting at security conferences

Protecting what matters most to our associates and consumers by securing our sensitive data and critical assets from current and emerging threats. At The Home Depot Cybersecurity consists of Architecture, Governance, Identity & Access Management, Internal Threat Operations, Issue and Compliance Management, Risk Assessment/Advisory, Security Consulting, Security Operations and Strategic Planning.

Staff Analysts perform data gathering, analysis, synthesis and develop solutions to support THD Cybersecurity practices. Staff Analyst mentors and guides Jr Analysts. Lead multiple projects, possess excellent communication skills, work well with a team, interact with multiple levels and functions across the organization

Key Responsibilities:

• 100% Deliver Execution, Plans & Aligns, Develop Others - Oversee multiple projects simultaneously; Strategic partner to align solutions to customers expectations Communicate to various levels of business partners; Collaborate with stakeholders, business partners, colleagues, developers and others to deliver high quality solutions; Partner cross-functionally to define assess, communicate, implement, train and change management of projects; Lead, mentor and provide guidance to team members and partners; Serve as SME and perform research/analysis within assigned projects

Direct Manager/Direct Reports:

• This position typically reports to Manager or Sr. Manager

• This position has 0 Direct Reports

Travel Requirements:

• No travel required.

Physical Requirements:

• Most of the time is spent sitting in a comfortable position and there is frequent opportunity to move about. On rare occasions there may be a need to move or lift light articles.

Working Conditions:

• Located in a comfortable indoor area. Any unpleasant conditions would be infrequent and not objectionable.

Minimum Qualifications:

• Must be eighteen years of age or older.

• Must be legally permitted to work in the United States.

Preferred Qualifications:

• 2+ years of previous leadership experience

Minimum Education:

• The knowledge, skills and abilities typically acquired through the completion of a bachelor's degree program or equivalent degree in a field of study related to the job.

Minimum Years of Work Experience:

• 5 Competencies:

• Action Oriented

• Collaborates

• Drives Engagement

• Communicates Effectively

• Customer Focus

• Drives Results

• Manages Conflict

The application window is anticipated to be closed on June 11, 2024

See more benefits: livetheorangelife.com

We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state or local protected class. - $120,000.00 - $210,000.00