Hardware Red Team Operator

Ciena is committed to our people-first philosophy. Our teams enjoy a culture focused on prioritizing a personalized and flexible work environment that empowers an individual’s passions, growth, wellbeing and belonging. We’re a technology company that leads with our humanity—driving our business priorities alongside meaningful social, community, and societal impact.

Not ready to apply? Join our Talent Community to get relevant job alerts straight to your inbox.

Red Team Operator

The Red Team Operator will work within a small team of senior operators, associates, and peers to perform red team campaigns, purple team engagements, and time-boxed penetration testing projects for internal Ciena clients such as product and application teams and the broader Ciena organization. This position is heavily focused toward working with product teams. Proficiency with C2 frameworks, current tactics, techniques, and procedures (TTPs), basic scripting/programming are essential to the role. The position may require cross-functional support with other teams such as Incident Response, Monitoring & Analysis, and Threat Intelligence. In addition to core technical competencies, a strong aptitude for technical writing in reports, presentations, operating guides, and knowledge articles is vital to the role.

Responsibilities:

• Candidates will need to coordinate and work with other parts of the business including IT, R&D, and other areas of the Security organization
• Candidates will need to work closely with Application Security, Product Security, Monitoring & Analysis, and the Security Engineering functional areas within the Security organization
• Plan and conduct offensive engagements including red team campaigns, internal/external penetration testing, purple teams, and web application assessments
• Effectively communicate findings, narrative of attack paths, recommendations, replication steps, and strategy to technical and executive stakeholders
• Build tools (scripts, programs, etc) and TTPs (tactics, techniques, procedures) for conducting offensive operations
• Be a subject matter expert (SME) in one or more of these areas: initial access, evasion, adversary tradecraft, offensive operations within Windows/*Nix/OSX, capability development
• Be a security advocate for other teams and help individuals and projects, as needed
• Stay current on adversary tradecraft, TTPs, and vulnerabilities
• Train fellow team members and contribute to knowledge repositories
• Responsible handling, storage, and destruction of sensitive information during engagements

Qualifying Experience and Attributes:

• 2+ years’ experience in a Red Team or Penetration Testing role
• Firmware and reverse engineering experience, especially with embedded devices
• Experience working with Application-Specific Integrated Circuits (ASIC), Field-Programmable Gate Array (FPGA), signal processors, and other integrated circuits
• General proficiency in C/C++, Python 3, and Go
• Ability to work within a highly collaborative team environment
• Foundational knowledge of defensive security concepts such as Defense-in-depth, Principle of Least Privilege, Zero Trust, etc.
• Strong written and verbal communication skills
• Ability to collect, organize, analyze, and communicate large amounts of technical information with attention to detail and accuracy
• Proficient with Windows and Linux operating systems
• Proficient with core networking concepts
• Experienced with MITRE ATT&CK Framework

Preferred Experience and Attributes:

• Bachelor’s degree in Computer Engineering, Computer Science, or Electric Engineering
• 8+ years’ experience in Security or security related fields
• Experience with real-time operating systems (RTOS)
• Cross-functional experience in Incident Response, Forensics, Security Engineering, or Network Administration
• Self-motivation to get tasks completed
• Experience with JTAG, SPI, I2C, and other protocols
• Experience with testing and using Hardware Security Modules (HSM) and Trusted Platform Modules (TPM)
• Strong proficiency in 1 or more additional scripting languages: Lua, Shell Script, and/or Perl
• Ability to lead engagements or project teams

#LI-SM