Senior Penetration Testing (Red Team
Transamerica · Cedar Rapids, IA · 1 wk ago
Quality Assurance$100k–$140k/yrFull-time
About the role
The role is within the Red Team within the global SOC, supporting Aegon's Security program. You will conduct unannounced red team operations and manage penetration tests.
Responsibilities
- Find new and creative ways to break technology through either Red Team or Purple Team operations
- Plan, scope, and implement large scale covert operations that have sophisticated goals and significant impact
- Develop new adversary tools, techniques, or methodologies
- Threat Hunting opportunities to partner with the teams Threat Hunters
- Engage in all phases of Red Team security operations
- Perform network reconnaissance and open-source intelligence gathering
- Configure and safely utilize attack tools, tactics, and procedures against authorized targets
- Develop scripts, tools, or methodologies to enhance red teaming capabilities
- Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel
- Provide risk-appropriate and pragmatic recommendations to correct identified flaws, vulnerabilities and misconfigurations
Qualifications
- Do No Harm approach: operational objectives cannot come at the expense of others
- Growth Mindset: excited for opportunities to solve new problems every day
- Helpful demeanor: we are trusted adversaries and trust needs to remain strong
- Customization of Adversarial Tools: Cobalt Strike BOFs, Mythic Agent profiles, and adding new exploits to MSF
- Defender experience and knowledge: utilizing Splunk and finding risks
- Web application penetration testing assessments, email, phone, or physical social-engineering assessments
- Developing, extending, or modifying exploits, shell code or exploit tools
- Network penetration testing and manipulation of network infrastructure
- Relevant, recent and verifiable experience in information security and adversary simulation
- Detail knowledge of global cyber threats, threat actors, and the tactics, techniques and procedures used by cyber adversaries, specifically those targeting the financial services sector
- Industry certifications such as OSCP, OSCE, OSWE, GPEN, GCIH, GWAPT, or GXPN
- 3 or more years of Penetration Testing/Red Team experience
- Ability to define and communicate complex technical risk problems, concepts and situations to multiple skill levels, including business personnel with little to no cyber experience
- Proficiency with Microsoft Office, Preference given to candidates with deep Excel and PowerPoint skill sets
- Experience with systems such as Service Now, JIRA, and equivalent
- Experience with leading group discussion and presenting to varying levels and audiences
- Self-motivated and self-management skills
Preferred
- Strong knowledge of Penetration Testing and covert Red Team operations and Information Security demonstrated by one or more of the following
- Bachelor degree in Information/Cyber Security, Information Risk, Information Risk Management or equivalent experience
- Bachelor degree in Information Systems, Computer Science, Information Management or similar four-year technical degree or equivalent experience, combined with one or more of the following
- Active Cyber Security certifications
- Experience in Insurance, Payments, Banking or other Fin-Tech Industries
- Strong preference for candidate with excellent Excel and PowerPoint skills