Program Management Attack Surface

19 May 2024

Vacancy expired!

Our client, a leading global financial services company, has approximately 200 million customer accounts and does business in more than 140 countries. They provide consumers, corporations, governments and institutions with financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management.

The Role: This individual will participate in activities as part of the organization's attack surface reduction program. The candidate may also conduct regulatory-driven Red Team Testing. To be successful in this role, the ideal candidate will have experience with reconnaissance, attack surface mapping techniques, technical program management and data analysis.

Responsibilities
• Assist with the development and implementation of program management processes and tools related to attack surface reduction
• Collect, analyze, monitor, and interpret data related to the firm's attack surface
• Assist in developing and maintaining technical documentation
• Monitor program progress and identify potential risks and issues, including changes in the firm's attack surface or the emergence of new threats
• Establish meaningful partnerships with relevant stakeholders across the enterprise, a key function of this role, to build and maintain a comprehensive model of applicable, feasible threats and risks to the business
• Act as a subject matter expert and provide guidance to stakeholders
• Identify and ensure compliance with relevant frameworks and guidelines (e.g., NIST)

Description
• Review and validate testing results. Prioritize assets and provide recommendations that resolve issues based on overall risk
• Scan and analyze applications with automated tools, and perform manual testing if necessary
• Direct the development and delivery of secure solutions by coordinating with business and technical contacts
• Appropriately assess risk when business decisions are made
• Demonstrate appropriate consideration for the firm's reputation and safeguarding the bank, its clients, and assets by driving compliance with applicable laws, regulations, and Client Policy
• Apply sound ethical judgment regarding personal behavior, conduct and business practices, while escalating, managing, and reporting control issues with transparency

Qualifications
4+ years' experience or equivalent knowledge and exposure are required with most of the following:
• An understanding of attack surface management tools, including their capabilities and limitations
• Deep understanding of reconnaissance types and techniques
• Strong communication and interpersonal skills, including experience with technical and non-technical teams
• Excellent analytical and problem-solving skills, with the ability to analyze complex data sets and provide recommendations for mitigating risk
• Familiarity with big data technologies, data analysis and visualization tools: Tableau, Spark, Hive, Hadoop, etc.
• Experience with program management tools: ServiceNow, JIRA, Confluence, etc.
• Conducting Vulnerability Assessments and Penetration Testing (application and/or infrastructure) and articulating security issues to technical and non-technical audiences
• Identifying, researching, validating, and exploiting different, known, and unknown security vulnerabilities on the server and client side
• Leveraging the MITRE ATT&CK Framework
• Red Team testing tools: Cobalt Strike, Red Team Toolkit, etc.
• Vulnerability Assessment tools: Nessus, Qualys, etc.
• Exploitation frameworks: Metasploit, CANVAS, Core Impact
• Social Engineering campaigns: email phishing, phone calls, SET
• Deep understanding of OSI model and OWASP
• Security devices: Firewalls, VPN, AAA systems
• OS Security: Unix/Linux, Windows, OSX
• Understanding of common protocols: HTTP, LDAP, SMTP, DNS
• Web application infrastructure: Application Servers, Web Servers, Databases
• Web development and programming languages: Python, Perl, Ruby, Java, .Net

Education
• Bachelor's degree/University degree or equivalent experience
• Master's degree preferred
• Industry-accredited security certifications highly preferred but not required (e.g. PNPT, OSCP, OSCE, GXPN, GPEN, GCIH, GWAPT, GCFA, or CISSP)

This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.

169013

Please see our complete list of jobs at: www.rmscorp.com

  • ID: #49962100
  • State: Texas Irving 75063 Irving USA
  • City: Irving
  • Salary: Depends on Experience
  • Job type: Contract
  • Showed: 2023-05-19
  • Deadline: 2023-07-17
  • Category: Et cetera