About the Team: This role is part of the Offensive Security practice at UKG. We are responsible for all penetration testing and red team operations for UKG. As the threat emulators and ethical hackers for the company we have the unique mission of identifying, validating, and measuring the effectiveness of our people, processes, and technical controls across the entire UKG footprint. About the Role: We are seeking an experienced and highly skilled Lead Red Team Operator to join our cybersecurity team. The ideal candidate will have extensive experience in red team operations, with a proven ability to lead complex security assessments and mentor junior team members. Responsibilities include: - Strategic Planning and Execution: Develop and execute Red Team operations based on realistic threats to the organization. This involves understanding the business objectives and aligning Red Team activities to support these goals. - Leadership and Mentorship: Lead and mentor team members, fostering a culture of continuous learning and improvement. This includes providing guidance on complex engagements and developing the team’s skills. - Collaboration with Other Teams: Work closely with other security teams, such as the Blue Team and Security Incident Response Team (SIRT), to improve detection and response capabilities. This collaboration ensures a holistic approach to security. - Development of Custom Tools and Techniques: Innovate and develop custom tools, payloads, and techniques to simulate advanced threats. This includes automating attack techniques and contributing to open-source tools. - Threat Intelligence and Modeling: Stay informed on current security trends, advisories, and research. Use this knowledge to model potential threats and develop strategies to mitigate them. - Business Impact Analysis: Identify and prioritize critical business assets, ensuring that Red Team efforts focus on the most valuable and vulnerable parts of the organization. - Reporting and Communication: Write detailed reports covering the goals, outcomes, and recommendations of Red Team operations. Communicate findings effectively to both technical and non-technical stakeholders. - Policy and Process Enhancement: Collaborate with non-technical teams to propose enhancements to organizational policies and processes, ensuring they are robust against potential threats. About You: Requirements: - 7+ years of offensive security experience, leading and supporting a variety of engagements across different industries. - Expert-level proficiency with common operating systems such as Windows, MacOS, and Linux, plus a strong understanding of ChromeOS, iOS, and Android. - Advanced expertise in cloud platforms (AWS/Azure/GCP and O365/Google Workspace) and container technologies (Kubernetes/Docker). - Mastery in Windows Active Directory exploitation and lateral movement. Extensive experience in custom tool and payload development, reverse engineering, and evasion techniques. - Proficiency in multiple programming languages (e.g., Python, Golang, JavaScript/TypeScript, C#, C/C++, PowerShell, and/or Bash). - Comprehensive understanding of network and web-related protocols (e.g., TCP/IP, HTTP/S, WebAPIs). - Proven track record in social engineering, including reconnaissance and phishing/vishing pretexts. - Exceptional written and verbal communication skills. Preferred Qualifications: - Expertise in exploit development and/or assembly (x86/arm). - Advanced knowledge of threat modeling, threat intelligence, or incident response. - Experience with DevOps and CI/CD technologies. - Proven experience conducting physical penetration testing engagements, including entry skills and RFID hacking. - In-depth knowledge of blockchain security. - Relevant certifications (e.g., OSCP, GWAPT, GPEN) are a plus but not required. It is the policy of Ultimate Software to promote and assure equal employment opportunity for all current and prospective Peeps without regard to race, color, religion, sex, age, disability, marital status, familial status, sexual orientation, pregnancy, genetic information, gender identity, gender expression, national origin, ancestry, citizenship status, veteran status, and any other legally protected status entitled to protection under federal, state, or local anti-discrimination laws. This policy governs all matters related to recruitment, advertising, and initial selection of employment. It shall also apply to all other aspects of employment, including, but not limited to, compensation, promotion, demotion, transfer, lay-offs, terminations, leave of absence, and training opportunities.