Cybersecurity Red Team Specialist

GM Financial
Arlington, TX
01 Jun 2024

Vacancy expired!

Overview

The Cybersecurity Red Team Specialist is responsible for performing ethical hacking and penetration tests of the General Motors Financial information environment to include both physical and logical security controls and systems. The end goal of these tests will be to assess and analyze GMF's security posture as well as its ability to respond to a hacker-simulated attack. This team member will be responsible for scoping engagements, performing the assessment, documenting results and methodologies and working with stakeholders across Cybersecurity, ITS, and business units to remediate findings. Additionally, this team member will be responsible for identifying and testing new tools, techniques and methods used by the GMF Red Team for penetration testing activities. Finally, the Cybersecurity Red Team Specialist will be responsible for communicating testing methodologies and findings to executive leadership in Cybersecurity, ITS and other business units.

Responsibilities

JOB DUTIES

  • Perform internal red team program assessments including Penetration Testing, Red/Blue Teaming Programs, Cyber Tabletop Exercises
  • Summarize assessments for senior leadership, including areas of success and areas of opportunities
  • Perform complex security related testing, creating test cases, performing manual and automated tests
  • Report on problems encountered and documenting test results for follow-up
  • Analyze security test results, draw conclusions from results and develop targeted testing as deemed necessary
  • Develop processes and implement tools and techniques to perform ongoing security assessments of the environment
  • Identify and remediation of any findings, which are produced by the associated programs, with the other Cybersecurity departments, as well as Cybersecurity's Business and Information technology partners
  • Work closely with other groups within the Global Technology organization in order to develop the strong partnerships required to meet cybersecurity technology goals integrating the a designs for secure application, network and product development supporting business intelligence
  • Perform other duties as assigned
  • Conform with all company policies and procedures

REPORTING RELATIONSHIP

AVP Cybersecurity US

Qualifications

Knowledge

  • Proven ability to communicate technical issues to technical and non-technical business area representatives
  • Implement tools and techniques to identify and prevent unauthorized IT asset deployments
  • Keep current on industry security testing best practices and industry security risks
  • Strong technical skills and hands on experience in information security as it relates to server security, client security, user security, network communications and data storage
  • Strong practical knowledge of network security, specifically TCP/IP networking
  • Strong knowledge of core Information Technology concepts such as TCP/IP networking, Windows & Active Directory, Unix/Linux, Mainframe, Cloud Service Providers, Relational Databases, Data Warehouses and filesystems
  • Strong knowledge of IT technologies and methods to secure them, specifically for databases, SharePoint, storage area networking, cloud-based storage and data warehouses
  • Practical experience with data loss, data privacy, regulatory requirements
  • Strong knowledge of the OSI model and security that is associated with each layer
  • Knowledge of operating and database security (Windows, UNIX/Linux, SQL, Oracle, etc)

Skills

  • Proven ability to communicate across multiple levels of stakeholders
  • Ability to interpret and document business and technical requirements
  • Good interpersonal, verbal and written communication skills
  • Detail oriented with good time and analytical skills
  • Ability to exercise prudent judgment and offer knowledgeable advice
  • Ability to work both independently and in a team environment
  • Ability to manage production sensitive situations
  • Ability to manage multiple projects and tasks
  • Be a reputable representative of the department
  • Extensive ability to transform technical concepts into usable documented material for non-technical users
  • Demonstrated high level of integrity when dealing with confidential and sensitive information
  • Programming experience in on or more languages such as Python, Ruby, Perl, Bash, Java
  • Hands-on experience in the security aspects of multiple platforms, operating systems, software, and network protocols
  • Hands-on experience with commercial and open-source network and application security testing tools

Education

  • High School Diploma or equivalent required
  • Bachelor's Degree in related field or equivalent work experience required

Experience

  • 2-4 years of experience in penetration testing, vulnerability management, or ethical hacking required
  • Experience white-box or gray-box testing in an enterprise environment while minimizing production impact required
  • Experience in setting appropriate priorities for tasks to be accomplished based on project plans and management priorities required
  • Experience in large scale information technology implementations and operations preferred

Licenses

  • Cybersecurity and ethical hacking related certifications (OSCP, OSCE) Upon Hire preferred

Working Conditions

  • Normal office environment subject to stressful situations
  • Flexible schedule with possibility of working long hours including weekends/holidays, occasional overtime or split shifts may be required
  • Limited travel may be required to support business needs

#LI-RB2
  • ID: #42071205
  • State: Texas Arlington 76014 Arlington USA
  • City: Arlington
  • Salary: USD TBD TBD
  • Job type: Permanent
  • Showed: 2022-06-01
  • Deadline: 2022-07-30
  • Category: Et cetera