Senior Penetration Testing (Red Team
Transamerica · Denver, CO · 1 wk ago
Quality Assurance$100k–$140k/yrFull-time
About the role
The role is within the Red Team within the global SOC at Aegon, focusing on unannounced red team operations and managing penetration tests.
Responsibilities
- Find new and creative ways to break technology through either Red Team or Purple Team operations
- Plan, scope, and implement large scale covert operations that have sophisticated goals and significant impact
- Develop new adversary tools, techniques, or methodologies
- Threat Hunting opportunities to partner with the teams Threat Hunters
- Engage in all phases of Red Team security operations
- Perform network reconnaissance and open-source intelligence gathering
- Configure and safely utilize attack tools, tactics, and procedures against authorized targets
- Develop scripts, tools, or methodologies to enhance red teaming capabilities
- Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel
- Provide risk-appropriate and pragmatic recommendations to correct identified flaws, vulnerabilities and misconfigurations
Qualifications
- Do No Harm approach: operational objectives cannot come at the expense of others
- Growth Mindset: Excited for opportunities to solve new problems every day
- Helpful demeanor: We are trusted adversaries and trust needs to remain strong
- Customization of Adversarial Tools: Cobalt Strike BOFs, Mythic Agent profiles, and adding new exploits to MSF
- Defender experience and knowledge: Utilizing Splunk and finding risks
- Web application penetration testing assessments
- Email, phone, or physical social-engineering assessments
- Developing, extending, or modifying exploits, shell code or exploit tools
- Network penetration testing and manipulation of network infrastructure
- Relevant, recent and verifiable experience in information security and adversary simulation
- Detail knowledge of global cyber threats, threat actors, and the tactics, techniques and procedures used by cyber adversaries, specifically those targeting the financial services sector
- Industry certifications such as OSCP, OSCE, OSWE, GPEN, GCIH, GWAPT, or GXPN
- 3 or more years of Penetration Testing/Red Team experience
- Ability to define and communicate complex technical risk problems, concepts and situations to multiple skill levels, including business personnel with little to no cyber experience
- Proficiency with Microsoft Office, Preference given to candidates with deep Excel and PowerPoint skill sets
- Experience with systems such as Service Now, JIRA, and equivalent
- Experience with leading group discussion and presenting to varying levels and audiences
- Self-motivated and self-management skills
- Strong knowledge of Penetration Testing and covert Red Team operations and Information Security demonstrated by one or more of the following:
- Bachelor degree in Information/Cyber Security, Information Risk, Information Risk Management or equivalent experience
- Bachelor degree in Information Systems, Computer Science, Information Management or similar four-year technical degree or equivalent experience, combined with one or more of the following:
- Active Cyber Security certifications
- Experience in Insurance, Payments, Banking or other Fin-Tech Industries
- Strong preference for candidate with excellent Excel and PowerPoint skills
What We Offer
- Comprehensive benefits package
- Pension Plan
- 401k Match
- Employee Stock Purchase Plan
- Tuition Reimbursement
- Disability Insurance
- Medical Insurance
- Dental Insurance
- Vision Insurance
- Employee Discounts
- Career Training & Development Opportunities
- Health and Work/Life Balance Benefits
- Paid Time Off
- Parental Leave
- Employee Assistance Program
- Back-Up Care Program
- PTO for Volunteer Hours
- Employee Matching Gifts Program
- Employee Resource Groups
- Inclusion and Diversity Programs
- Employee Recognition Program
- Referral Bonus Programs