Cyber Security Specialist/Manager (AVP)
Banking/Financial company
W-2 only
Jacksonville, FL 32256
Permanent Position
This posting has been closed.
As a Red Team member, you will work collaboratively within a global team to identify risks and vulnerabilities. You’ll be an integral part of the Bank’s defense team, emulating threat actor tactics, techniques, and behaviors and ensuring that the Bank can detect and deter them. You will support the decision-making processes by providing clear analyses to senior management on threats and mitigations.
Key Responsibilities:
- As the primary lead for penetration testing control, you will act as the single point of contact (SPOC) to test and coordinate test findings with applicable technology, information security, and business groups; assist with governance and oversight of the penetration testing program
- Apply target operating model for asset penetration testing and assessment in all Bank environments
- Perform or coordinate remediation testing of security vulnerabilities that have been fixed and provide evidence of the results
- Help define management reporting requirements and metrics including risk appetite metrics and key risk indicators
- Maintain ongoing proficiency in network and application exploitation, tools, techniques, countermeasures, and trends in computer network vulnerabilities, network security, and encryption
- Manage budget, vendors, traffic, testing program, onboarding tools, governance and regulatory
Skills and Experience:
- Experience running a variety of penetration testing tools, performing manual testing, validating test results, identifying the root cause, analyzing vulnerabilities, and helping develop platform-specific remediation plans
- 5+ years of experience in penetration testing at the AVP level
- Management experience: 3+ years at the AVP level
- Familiarity with the concepts of defensive programming, the Open Web Application Security Project (OWASP) Top 10, and the SysAdmin, Audit, Network, and Security (SANS) Top 25 vulnerabilities
- Experience in bug bounty and vulnerability disclosure programs
- Extensive experience in information security and penetration testing
- One or more of the following security certifications preferred: Offensive Security Certified Professional (OSCP); Offensive Security Web Expert (OSWE); GIAC Penetration Tester (GPEN); GIAC Web Application Penetration Tester (GWAPT); eLearnSecurity Certified Penetration Tester eXtreme (eCPTX); eLearnSecurity Web Application Penetration Tester (eWPT); Certified Information Systems Security Professional (CISSP)