Ciena Corp. Manila , AR 72442
Posted 3 weeks ago
Ciena is committed to our people-first philosophy. Our teams enjoy a culture focused on prioritizing a personalized and flexible work environment that empowers an individual's passions, growth, wellbeing and belonging. We're a technology company that leads with our humanity-driving our business priorities alongside meaningful social, community, and societal impact.
Not ready to apply? Join our Talent Community to get relevant job alerts straight to your inbox.
The Embedded system Red Team Operator will work within a small team of senior operators, associates, and peers to perform red team campaigns, purple team engagements, and time-boxed penetration testing projects for internal Ciena clients such as product and application teams and the broader Ciena organization. This position is heavily focused toward working with product teams. Proficiency with C2 frameworks, current tactics, techniques, and procedures (TTPs), basic scripting/programming are essential to the role. The position may require cross-functional support with other teams such as Incident Response, Monitoring & Analysis, and Threat Intelligence. In addition to core technical competencies, a strong aptitude for technical writing in reports, presentations, operating guides, and knowledge articles is vital to the role.
Responsibilities:
Candidates will need to coordinate and work with other parts of the business including IT, R&D, and other areas of the Security organization
Candidates will need to work closely with Application Security, Product Security, Monitoring & Analysis, and the Security Engineering functional areas within the Security organization
Plan and conduct offensive engagements including red team campaigns, internal/external penetration testing, purple teams, and web application assessments
Effectively communicate findings, narrative of attack paths, recommendations, replication steps, and strategy to technical and executive stakeholders
Build tools (scripts, programs, etc) and TTPs (tactics, techniques, procedures) for conducting offensive operations
Be a subject matter expert (SME) in one or more of these areas: initial access, evasion, adversary tradecraft, offensive operations within Windows/*Nix/OSX, capability development
Be a security advocate for other teams and help individuals and projects, as needed
Stay current on adversary tradecraft, TTPs, and vulnerabilities
Train fellow team members and contribute to knowledge repositories
Responsible handling, storage, and destruction of sensitive information during engagements
Qualifying Experience and Attributes:
2+ years' experience in a Red Team or Penetration Testing role
Firmware and reverse engineering experience, especially with embedded devices
General proficiency in C/C++, Python 3, and Go
Ability to work within a highly collaborative team environment
Foundational knowledge of defensive security concepts such as Defense-in-depth, Principle of Least Privilege, Zero Trust, etc.
Strong written and verbal communication skills
Ability to collect, organize, analyze, and communicate large amounts of technical information with attention to detail and accuracy
Proficient with Windows and Linux operating systems
Proficient with core networking concepts
Experienced with MITRE ATT&CK Framework
Preferred Experience and Attributes:
Bachelor's degree in Computer Engineering, Computer Science, or Electric Engineering
Experience working with Application-Specific Integrated Circuits (ASIC), Field-Programmable Gate Array (FPGA), signal processors, and other integrated circuits
8+ years' experience in Security or security related fields
Experience with real-time operating systems (RTOS)
Cross-functional experience in Incident Response, Forensics, Security Engineering, or Network Administration
Self-motivation to get tasks completed
Experience with JTAG, SPI, I2C, and other protocols
Experience with testing and using Hardware Security Modules (HSM) and Trusted Platform Modules (TPM)
Strong proficiency in 1 or more additional scripting languages: Lua, Shell Script, and/or Perl
Ability to lead engagements or project teams
#LI-SM
Not ready to apply? Join our Talent Community to get relevant job alerts straight to your inbox.
At Ciena, we are committed to building and fostering an environment in which our employees feel respected, valued, and heard. Ciena values the diversity of its workforce and respects its employees as individuals. We do not tolerate any form of discrimination.
Ciena is an Equal Opportunity Employer, including disability and protected veteran status.
If contacted in relation to a job opportunity, please advise Ciena of any accommodation measures you may require.
Ciena Corp.