Key Responsibilities
- Design and implement a comprehensive Red Teaming framework, including Rules of Engagement (ROE), deconfliction protocols, and safety standards for adversarial simulations.
- Execute advanced post-exploitation activities such as lateral movement, privilege escalation, and persistent data exfiltration to demonstrate real business impact.
- Partner with Blue Teams to convert complex attack paths into actionable detection use cases and security architecture improvements.
- Conduct deep-tier research to identify unknown vulnerabilities (zero-days) within custom applications and internal platforms.
- Lead advanced manual penetration testing across web applications, APIs, mobile platforms (iOS/Android), and thick client environments beyond compliance-driven assessments.
- Develop custom exploit scripts (Python/C) through manual code review, assembly analysis, and logic flaw identification to validate critical vulnerabilities.
- Perform business logic testing using manual request manipulation and adversarial thinking to uncover high-impact flaws missed by automated tools.
- Reverse engineer proprietary systems, protocols, and legacy applications to ensure full security coverage.
- Bypass defensive controls by simulating real-world adversary techniques, including evasion of EDR, WAF, and identity-based protections.
- Drive AI/LLM Security Testing, including prompt injection, data leakage, model abuse, and secure agent validation.
- Enable Autonomous Pentesting capabilities by leveraging AI-driven tooling and adversarial automation frameworks.
- Perform DSAT (Data Security & Exposure Assessment Testing) to simulate sensitive data discovery, access misuse, and exfiltration scenarios.
- Support Application Security (AppSec) by collaborating with development teams on SAST/DAST improvements and secure design validation.
- Ensure alignment with regulatory frameworks such as FedRAMP and StateRAMP, working closely with US stakeholders and external assessors.
Our Interview Practices
To maintain a fair and genuine hiring process, we kindly ask that all candidates participate in interviews without the assistance of AI tools or external prompts. Our interview process is designed to assess your individual skills, experiences, and communication style. We value authenticity and want to ensure we’re getting to know you, not a digital assistant. To help maintain this integrity, we ask candidates to remove virtual backgrounds, and we include in-person interviews in our hiring process. Please note that the use of AI-generated responses or third-party support during interviews will be grounds for disqualification from the recruitment process.
Applicants may be required to appear onsite at a Wolters Kluwer office as part of the recruitment process.