This role is in the CISO / Cyber Defence / Threat Intelligence / Offensive Security organization. As businesses leverage digitalization opportunities, their cyber-attack surface structurally increases, which can lead to business disruptions, data breaches and brand damage. High profile industry incidents show that these risks are real, and this has turned cyber resilience into a topic for Boards. Cyber-attacks can cause damage to reputations, destruction of assets and loss of information. Shell is taking action to detect and respond to the continuous flow of these types of attacks.

The Powering Progress strategy of Shell requires a competitive and flexible IDT organization. IDT remains uniquely positioned to integrate digital capabilities, enable significant automation and fully leverage data & innovation to drive business performance, create value and grow shareholder returns. As businesses leverages digitalization opportunities, their cyber-attack surface structurally increases, which can lead to business disruptions, data breaches and brand damage. Cyber-attacks can cause damage to reputation, destruction of assets and loss of information. Shell is acting to proactively to assess the threat landscape to identify and mitigate (un)known threats continuously. CyberDefence capability has specific focus to identify cyber threats, discovery of (un)known vulnerabilities, detect for cyber intrusions and respond to security incidents. CyberDefence is aiming to strengthen its proactive and reactive capabilities across people, process and technology and improve security posture with pro-active assessments and remediate technical gaps of Shells defenses.

Within CyberDefence, the Red Team is a process-driven security function with the purpose of verifying the correct functioning of defensive tools, people, and processes. To help realize this capability, continuous security assurance improvements are made through awareness and exposure of critical weaknesses in our IT environment.

The Red Team process is set up to work independently of the pen testing team in CyberDefence; where pen testing is aimed at finding and fixing vulnerabilities in the applications and services, the red team function is designed and set up to test the effectiveness of the security controls which include detection, visibility for monitoring, and incident capabilities. The Red Team member is part of the CyberDefence Threat Intelligence team and expected to collaborate with the Threat team, incident response team and security engineers to tune detection mechanisms and provide input to threat hunting attack hypotheses.

Verantwoordelijkheden

• As part of the CyberDefence Threat Intelligence capability, the Sr. Red Team analyst has the following main areas of focus:
• Identify cyber threats, discover of IT/OT vulnerabilities, detect for cyber intrusions, and respond to security incidents and test our defenses.
• Understand the internal and external threat landscape, what threats to focus on and how these can be identified within Shell.
• Find unknown active cyber security threats within Shell and weaknesses in our security controls by applying data analysis techniques to large, diverse sets of internal and external data.
• Test if our security processes & controls provide the ability to protect, detect and respond to real cyber-attacks.
• Specifically, your role involves:
• Planning of specific Red Team scenarios, in alignment and coordination with the Leadership Team (LT) and in some (high profile) cases with support of the CISO LT.
• Assist with design of attack scenarios, implement, and maintain lab/tools/environment for testing.
• Perform controlled execution of attack scenarios against live systems to simulate real adversary tactics, conduct attack and vulnerability research, with the purpose to test the CyberDefence protection & detection capabilities with the aim to remain undetected.
• The Red Team member will work to evade, and therefore test the protection & detection mechanisms in place and will assist to address weaknesses with relevant stakeholders to uplift potentially discovered weaknesses.
• Assess and routinely adopt the tools and techniques of adversaries, leverage the understanding of attacks on other organizations, and mimic the work of adversaries to support training of our monitoring analysts.
• Produce high quality deliverables in terms of both content and presentation. Examples of deliverables include: communication protocols, proof of concept exploit code/scripts, reports, presentations and reasoned arguments to improve security posture.
• Engagement with CyberDefence LT members and specific functions to improve process, gain focus and prioritize systemic weaknesses identified for remediation, balancing risk, and impact with other ongoing activities.
• Update and maintain standard operating procedures across the capabilities within scope.
• Carry out assignments and projects, alone or as part of a team, applying knowledge, skills, and experience.

De Opdracht

This JG4 position will report to the Offensive Security Manager.

The analyst will have the opportunity to conduct red, purple team assessments in a large complex IT/OT network infrastructure –120K desktops and –10K servers and applications spanning the globe and across cultures.

The analyst will support all security testing activities to proactively identify weaknesses and help protect Shell from cyber-attacks.

• Minimum of one (1+) years red team experience and four (5+) years experience with full scope pen testing.
• Completed Bachelor of Science degree in Computer Science, Cyber security, or similar.
• Proficient in developing exploit code and scripts using Python, PowerShell, and other programming languages.
• Proficient in systems administration, pen testing and using industry standard red team tools such as: Cobalt Strike, NightHawk, Metasploit, Bloodhound, etc.
• Ability to write high quality executive debrief presentations and detailed technical testing reports.
• Demonstrate broad knowledge of MS Windows, Unix-based and mid-range platform systems used to deliver commercial enterprise applications as well as cloud environments.
• Understanding of a Red Teams mission to drive security improvements through partnerships with the relevant stakeholders.
• Understanding of cyber security, including the tactics, techniques and procedures deployed by hackers in attempts to breach barriers and how to detect & respond to these threats.

Wensen

• Hands-on technical security experience in system administration or network administration is considered a plus.
• Masters degree in Computer Science, Cyber security, or similar (preferably).
• Certifications (OSCP, OSCE, GWAPT, GPEN) are preferred but not required.

Competenties

• Strong team player: must be able to work with others and contribute to help solve complex issues.
• Have strong organizational skills and support operational excellence.
• Maintains knowledge and experience of current practice within own area of expertise and is aware of current developments within own area of expertise.
• Promotes transfer of knowledge and awareness of information security to those in related areas.
• Pro-active and self-motivated, committed to achieving deadlines and results.

Optie tot verlenging: Niets over bekend.

Hybride: Geen verdere informatie

Fee: De administratieve partner rekent een aanvullende fee van € 2,50 boven op het uurtarief.

Overig algemeen:

Het CV en de motivatie dienen aangeboden te worden in het Engels.

Het CV dient in een Word format aangeleverd te worden.

Adhere to all applicable Shell HR and Ethics policies.