Overview
Job Title: Security Consultant – EDR Security Testing
Location: Onsite (Dubai, UAE) or Remote (Offshore – India)
Job Type: Contract (2 months)
Experience: 7–10 years (relevant experience)
Availability: Immediate joiners only
Preferred Qualifications:
· Strong experience in red teaming/offensive security engagements
· Hands-on EDR testing experience (CrowdStrike, Microsoft Defender, SentinelOne, etc.)
· Familiarity with MITRE ATT&CK framework and threat emulation tools (e.g., Caldera, Atomic Red Team, MITRE Engenuity)
· Scripting expertise (PowerShell, Python, Batch, etc.)
· Relevant security certifications (e.g., OSCP, CRTP, CRTE, GIAC certifications)
Job Overview:
We are seeking a highly skilled and experienced Security Consultant with a strong background in EDR (Endpoint Detection and Response) security testing. The ideal candidate will have expertise in offensive security techniques aligned with MITRE ATT&CK tactics and techniques. The consultant will be responsible for simulating adversarial behaviors, testing endpoint security efficacy, and identifying potential gaps in defense mechanisms.
Key Responsibilities:
· Execute simulated attack scenarios across various MITRE ATT&CK tactics
· Conduct comprehensive EDR/AV evasion testing
· Identify vulnerabilities and misconfigurations in endpoint security controls
· Document findings and provide recommendations for improving endpoint defenses
· Collaborate with internal security and engineering teams to fine-tune detection mechanisms
MITRE ATT&CK Coverage Areas:
1. Execution (TA0002):
· PowerShell (T1059.001), Command Shell (T1059.003), VBA (T1059.005), JavaScript (T1059.007)
· Application Exploitation (T1203), WMI (T1047), Service Execution (T1569.002)
· Scripting (T1106), Task Scheduler (T1053.005), Browser Extension (T1129)
2. Defense Evasion (TA0005):
· Obfuscation (T1027), Masquerading (T1036.005), Log Clearing (T1070.004)
· Disable Defender (T1562.001), Rundll32/Regsvr32 (T1218.011/T1216.001)
· Deobfuscation (T1140), Registry/Permissions Modification (T1112, T1222.002), File Renaming (T1036.003)
3. Credential Access (TA0006):
· LSASS Dumping (T1003.001), Credential Manager (T1555.003), Config Files (T1552.001)
· Brute Force (T1110.001), Kerberos Tickets (T1558.003), Registry Access (T1555.004)
· SAM Dump (T1003.003), Cloud Credential Search (T1552.004), Keylogging/Input Capture (T1556.001/T1550.002)
4. Command & Control (TA0011):
· HTTP/S C2 (T1071.001/002), Non-app Protocols (T1095), File Transfer (T1105)
· Non-standard Ports (T1571), Protocol Tunneling (T1001.003), RATs (T1219)
· Third-party Services (T1102.002), Proxy Use (T1090.003), Encoding (T1132.001)
5. Lateral Movement (TA0008):
· SMB/RDP/DCOM (T1021.002/001/003), Remote Service Exploits (T1210), Remote Execution (T1075)
· Proxy (T1080), Tool Transfer (T1570), SSH (T1021.004), VNC (T1021.005)
6. Persistence (TA0003):
· Registry Keys (T1547.001), Scheduled Tasks (T1053.005), Services (T1543.003)
· User Creation (T1136.001), Accessibility Features (T1546.008), Application Shimming (T1547.009)
· DLL Hijacking (T1574.002), Event Trigger (T1546.001), Browser Extension (T1176), System Binaries (T1547.006)
7. Exfiltration (TA0010):
· C2 Channel (T1041), Cloud Storage (T1567.002), Bluetooth/Infrared (T1052.002/.003)
· Automated Techniques (T1020), Encrypted Protocols (T1048.001/.002/.003), File Transfer Limits (T1030)
8. Discovery (TA0007):
· Account/System/Process Discovery (T1087.001, T1082, T1057, T1033, T1049, T1018)
· File/Software/Group Discovery (T1083, T1518.001, T1069.001/.002)
· Code Injection (T1055.001), Language/Locale Checks (T1614.001), Service/Partition Info (T1007, T1010), Security Software Detection (T1201), VM Metadata (T1526)
9. Collection (TA0009):
· Screen, Audio, Video Capture (T1113, T1115, T1123), Clipboard (T1119)
· File/Browser Data Collection (T1005, T1530), Keylogging/GUI Input Capture (T1056.001/.004)
· Staging Data (T1074.001), LLMNR/NBT-NS (T1557.001)
10. Impact (TA0040):
· Ransomware Simulation (T1486), File Corruption/Deletion (T1565.001), Disk Wiping (T1490)
Job Type: Contractual / Temporary
Contract length: 2 months
Pay: ₹120,000.00 - ₹140,000.00 per month
Experience:
- Security Consultant: 10 years (Required)
- Banking: 10 years (Required)
- Red Teaming: 10 years (Required)
- Offensive Security: 10 years (Required)
- EDR Security Testing: 10 years (Required)
- CrowdStrike: 10 years (Required)
- Microsoft Defender: 10 years (Required)
- MITRE ATT&CK: 9 years (Preferred)
- Threat: 10 years (Required)
- PowerShell: 10 years (Required)
- Python: 10 years (Required)
- Bash: 10 years (Required)
License/Certification:
- GIAC Certification (Required)
- CRTE (Preferred)
- OSCP (Preferred)
Work Location: Remote
Application Deadline: 25/04/2025