Senior Security Systems Engineer- Red Team

POSITION PURPOSE

The Home Depot is seeking a Senior Systems Engineer to join the Adversarial Research & Emulation Services (ARES) Red Team based in Atlanta, GA. This position will be responsible for planning, executing, and reporting on full-scope, large-scale attack simulations that mimic tactics, techniques, and procedures (TTPs) utilized by adversaries targeting large enterprise environments.  

The purpose of this position is to provide effective offensive security services that continuously challenge assumptions, as well as engage in security research to help drive protecting the company's critical information technology assets, brand name, and assure compliance with corporate and regulatory policies/standards and industry best practices.  

This position functions as a core member of The Home Depot ARES Red Team and will report to the Senior Manager of the Threat Detection & Response Center. 

The Staff Systems Engineer develops, maintains, and supports The Home Depot's technical infrastructure that includes network, hardware, database, and system software components.  The Staff Systems Engineer is responsible for collaborating with and enabling product teams with infrastructure. Staff Systems Engineers are expected to leverage tooling and custom applications to monitor and optimize performance. Staff Systems Engineers lead the stand up of physical and virtual infrastructure to meet evolving enterprise and product team needs. In addition, Staff Systems Engineers may lead the selection and rollout of field and corporate technology.  As a Staff Systems Engineer, you will be a core player that participates and leads multiple efforts simultaneously. You are expected to build and grow the skillsets of more junior Engineers on the team.

MAJOR TASKS, RESPONSIBILITES AND KEY ACCOUNTABILITIES

20% - Strategy & Planning:
Researches and analyzes business trends and behavioral data to identify opportunities for improvements and new initiatives
Leads the evaluation, development, and recommendation of specific technology products and platforms to provide cost-effective solutions that meet business and technology requirements
Researches and designs best fit infrastructure, network, database, and security architectures for products
Proactively creates and maintains tools for monitoring and support
Participates in project planning and management across multiple efforts
Develops formal training courses

30% - Delivery & Execution:
Leads configuration, debugging, and support for infrastructure
Leads field and corporate roll-outs of technology
Leads the stand up of necessary system software, hardware, and equipment (physical or virtual) to meet changing infrastructure needs
Creates and optimizes specifications for technology solutions
Produces and manages purchase requests for hardware and software

40% - Support & Enablement:
Collaborates with product and project teams to understand needs and enable them with infrastructure
Supports technology architecture design review efforts for project and product teams
Leverages tooling and custom applications to monitor the operational status of applications, infrastructure, networks, databases, and security; optimizes and tunes performance as appropriate
Drives root cause analysis, debugging, support, and post-mortem analysis for security incidents and service interruptions
Maintains, upgrades, and supports existing systems and infrastructure to ensure operational stability
Acts as a vendor liaison, owning resourcing, issue management, and documentation
Leads the production of in-house documentation around solutions
Monitors tools and proactively helps teams struggling with systems issues
Provides application support for software running in production
Creates scripts and tools that drive automation and enable product teams and end users to move towards self service
Acts as a mentor to more junior Systems Engineers

10% - Learning:
Keeps abreast of innovations and industry trends as well as changes to internal systems and determines how they impacts tools, training, and support necessary to keep systems up, running, and secure
Participates in and contributes to learning activities around modern systems engineering core practices (communities of practice)
Proactively views articles, tutorials, and videos to learn about new technologies and best practices being used within other technology organizations

NATURE AND SCOPE
Typically reports to the Systems Engineer Manager or Sr. Manager.

ENVIRONMENTAL JOB REQUIREMENTS
Environment:
Located in a comfortable indoor area. Any unpleasant conditions would be infrequent and not objectionable.
Travel:
Typically requires overnight travel less than 10% of the time.
Additional Environmental Job Requirements: MINIMUM QUALIFICATIONS
Must be eighteen years of age or older.
Must be legally permitted to work in the United States.

Additional Minimum Qualifications:
Must be legally permitted to work in the United States

Education Required:
The knowledge, skills and abilities typically acquired through the completion of a bachelor's degree program or equivalent degree in a field of study related to the job.

Years of Relevant Work Experience: 3 years

Physical Requirements:
Most of the time is spent sitting in a comfortable position and there is frequent opportunity to move about. On rare occasions there may be a need to move or lift light articles.


Preferred Qualifications:

• Minimum of two (2) years of relative work experience in penetration testing or related experience
• Must have a strong passion for offensive security
• Knowledge of modern exploitation techniques and the ability to understand and modify existing exploit code
• Experience performing security testing against Linux and Windows endpoints
• Strong understanding of Active Directory
• Proficient knowledge of penetration testing tools and frameworks (I.e., Metasploit, Cobalt Strike, Burp Suite Pro, Wireshark, Aircrack-ng Suite, etc)
• Strong understanding of command and control (C2), data exfiltration, and lateral movement techniques
• Excellent written and verbal communication skills
• The ability to work both independently and as part of a team
• Strong understanding of the TCP/IP protocol and OSI layers
• Strong understanding of operations security (OPSEC), evasion, and anti-forensics techniques
• Ability to travel up to 20% 
• Red and Purple teaming experience
• An understanding of threat actors specifically targeting enterprise retailers
• Experience in computer programming languages such as Python, Java, Assembly, C++, C#, Ruby, PowerShell, as well as scripting with Bash
• Certifications desired: OSCP, OSWP, OSCE, OSEE