Staff (Lead) Cybersecurity Engineer - Red Team / Research & Development (Remote)

With a career at The Home Depot, you can be yourself and also be part of something bigger.

Position Purpose:

The Home Depot (THD) Red Team is looking for an experienced cybersecurity researcher to lead offensive security R&D initiatives supporting full-scope attack simulations, penetration tests, and other responsibilities under the Red Team’s purview. This role falls under the Security Operation Center (SOC) and serves as a subject matter expert in researching, developing, and weaponizing OPSEC-safe TTPs, payload generation, vulnerability hunting, exploit development, and data exfiltration, as well as tool and capability development. A Lead Red Team Researcher will utilize their advanced knowledge in offensive security and closely partner and collaborate with Red Team Operators to solve complex challenges and assist as needed to drive engagements to a successful conclusion while capturing all goals and objectives. Additionally, a Lead Red Team Researcher will inspire other team members to "try harder," foster a collaborative environment, and find opportunities to mentor and share skillset knowledge.

Job Description:

- Collaborate with Red Team Operators to support offensive security engagements through R&D.
- Solid experience with researching, developing and weaponizing OPSEC-safe offensive security TTPs, including data exfiltration, lateral movement, privilege escalation, "living off the land," and data exfiltration.
- Ability to develop custom tools and tradecraft to automate tasks and increase the team's capabilities.
- Strong foundation with GitHub, Git protocol, and development lifecycle.
- Detailed understanding of Red Team concepts and adversarial tradecraft within networking; web application; Windows, macOS, Linux endpoints; and cloud.
- Proficient in vulnerability analysis, fuzzing, reverse engineering, and exploit development.
- Experience executing full-scope attack simulations, penetration tests, and web application assessments against enterprise IT environments.
- Capable of developing OPSEC-safe payloads.
- Fluent in C or C++, Assembly (i.e., x86/x64 and ARM/ARM64), C#, .NET, and scripting languages like Python, Bash, and PowerShell.
- Extensive knowledge of operating systems internals, including Windows and Linux.
- Experience developing user mode or kernel mode exploits on Windows.
- Proficient with reverse engineering using tools such as WinDBG, GDB, IDA Pro, Binary Ninja, and Ghidra.
- Comprehensive knowledge of different bug classes and offensive exploitation techniques.
- Comprehensive knowledge of bypassing endpoint security controls to include EDR, DLP, and AV.
- Familiarity with MITRE ATT&CK Framework and its application.
- Strong understanding of the Penetration Testing Execution Standard (PTES).
- Executive presence, strong ability to communicate upward and to peers, and presenting technical subjects to non-technical audiences.

Required Skills:

- 3-5 years of offensive security experience
- Strong technical reporting and documentation skills
- Project management experience and ability to delegate
- Proven track record of mentoring team members
- Passionate about solving complex challenges
- Experience working across multiple lines of business in a corporate function
- Collaborative mindset and a team player
- Subject matter expert in TTP research and development
- Proven track record of developing offensive security tools and solutions
- Demonstrates good organizational and multi-tasking capabilities
- Ability to innovate and think outside the box
- In-depth understanding of security threats affecting the retail sector
- Proficient in programming
- Capable of source code review
- Confidence in presenting research output and providing instruction
- History of public GitHub or other code repository commits
- Published CVEs

Preferred Skills:
- Certifications in offensive security (OSCP, OSWP, OSEP, OSCE, OSWA, OSWE) and other areas of IT
- Experience with providing incident response support
- Professional development background

- Active in the security community, contributes to open-source projects, and experience presenting at security conferences

Protecting what matters most to our associates and consumers by securing our sensitive data and critical assets from current and emerging threats. At The Home Depot, Cybersecurity consists of Architecture, Governance, Identity & Access Management, Internal Threat Operations, Issue and Compliance Management, Risk Assessment/Advisory, Security Consulting, Security Operations, Service Optimization and Strategic Planning.

Key Responsibilities:

• 100% Deliver Execution, Plans & Aligns, Develop Others - Design, review and execute solutions to protect the enterprise; Lead, mentor and provide guidance; Facilitate vulnerability management programs across systems, networking and engineering teams; Develop, test, deploy and operationalize security monitoring, assessment and response solutions

Direct Manager/Direct Reports:

• This position typically reports to Manager or Sr. Manager
• This position has 0 Direct Reports

Travel Requirements:

• No travel required.

Physical Requirements:

• Most of the time is spent sitting in a comfortable position and there is frequent opportunity to move about. On rare occasions there may be a need to move or lift light articles.

Working Conditions:

• Located in a comfortable indoor area. Any unpleasant conditions would be infrequent and not objectionable.

Minimum Qualifications:

• Must be eighteen years of age or older.
• Must be legally permitted to work in the United States.

Minimum Education:

• The knowledge, skills and abilities typically acquired through the completion of a bachelor's degree program or equivalent degree in a field of study related to the job.

Minimum Years of Work Experience:

• 5+

Competencies:

• Action Oriented
• Collaborates
• Drives Engagement
• Communicates Effectively
• Customer Focus
• Drives Results
• Manages Conflict

For California, Colorado, Connecticut, Rhode Island, Nevada, New York City, Ithaca (NY), Westchester County (NY), and Washington residents: