What you do
You are responsible for the execution of our security tests. You apply your technical knowledge to hack real organizations and IT environments.
With the ethical hackers of Northwave’s red team, there’s always something to celebrate. For example, when you ‘root’ a system during a pentest, find an RCE-vulnerability during a Vulnerability Assessment, or when you succeed in capturing one of the crown jewels during a (TIBER) Red Team attack simulation.
You work together with the client from A to Z: you determine what their crown jewels are, discuss the attack scenarios, and record agreements in the Rules of Engagement. You can then put all your creativity into carrying out the test. Maybe you’ll think of a new social engineering scenario, develop malware, or look for technical vulnerabilities… Together with the team, you execute well thought-out scenarios and test the customer to the limit. Afterwards, you translate the results into a clear report. With your recommendations, the client’s IT-department gets to work. If you enjoy presenting your results, you take the C-level management of the client into the brains of cybercriminals.
You work for a variety of clients, from large law firms to government agencies and critical infrastructure. You will work on both Red Team exercises and Pentesting, with the split between these being approximately 50-50.
Our Red Team consists of more than 20 enthusiastic ethical hackers, who report to the Red Team Lead or Manager. Everyone in the has their own expertise, from Active Directory specialist to malware developer and from social engineer to web application security guru. We enjoy working together, challenging each other to improve our products and services in all areas, and sharing the latest attack techniques. And we don’t only share knowledge within our own team: we also regularly work together the Northwave CERT and SOC in order to use real Tactics, Techniques, and Procedures form cybercriminals during Red Team Exercises.
- Coming up with truly realistic attack scenarios that actually help the customer move forward
- Staying up-to-date in the field of offensive security, in order to identify and/or abuse the most complex vulnerabilities during security testing
- Developing your own malware and/or researching how to get malware into the client’s organization while remaining unnoticed
- Having the responsibility to successfully complete assignments from A to Z
- Sharing your technical knowledge with the other ethical hackers in the Red Team to help each other grow