Sr Info Security Consultant – Red Team at KeyBank – 4910 Tiedeman Road, Brooklyn, OH

Posted on by Vaseline

Location:

4910 Tiedeman Road – Brooklyn, Ohio 44144

The Red Team is responsible for conducting various security tests, finding and assessing security weaknesses, choosing suitable attack vectors, and executing a controlled attack that attempts to evade detection or capture. KeyBank’s Red Team is an active threat emulation team that models real threats and executes simulated attacks.

Assessments include red team assessments, network and physical penetration testing, wireless testing, and third-party testing, which is part of Key’s Vulnerability Management program.

This role will lead efforts in planning, executing, and executing various security assessments for Key’s Red Team program. The candidate will bring extensive red team knowledge to further enhance KeyBanks program. Hands-on experience with Red team engagements focused on Linux, Windows, macOS, Google Cloud, Azure, and AWS is necessary for success. The ideal candidate will have experience in Information Security and/or Information Technology. The candidate will perform security-related functions using current tools and must be proficient with the various tools to ensure effective and valid results. The candidate has an excellent technical background in a wide range of security disciplines and solutions. In this role, you will deliver results to stakeholders in the form of written reports and live presentations. You will also collaborate with CIS and application teams for remediation.

From a more general perspective, the candidate will be able to analyze and assess security risks and facilitate the development and implementation of effective compensating controls. This candidate will function within the Corporate Information Security team, but will ideally be effective across the security spectrum and be able to analyze complex security issues and explain them in standard business language. Functional knowledge of both technical and business aspects of security is required.

ESSENTIAL FUNCTIONS OF THE JOB

  • Conduct and lead advanced network and physical penetration tests, as well as complex vulnerability analyses to determine risk position and findings that need to be remediated from a security and business perspective.
  • Use leading penetration testing tools and solutions to improve your organization’s security posture (particularly in the areas of ethical hacking, vulnerability scanning, and vulnerability exploitation)
  • Hands-on experience with cloud technologies
  • Works autonomously and directs the work of other team members
  • Holistic risk and control analysis including strategic mitigation planning and execution
  • Strong business/financial knowledge; deep understanding and interpretation of security policies, leading to implementation of security best practices and recommendations
  • Use leading tools and solutions to improve the company’s security posture; expert in one or more security/technology areas
  • Demonstrated presentation development; adapts message as needed; comfortable presenting at all levels; strong writing skills; demonstrates creativity in articulating messages that support recommendations
  • Demonstrated relationship building skills working with mid to senior level management and cross-functional teams; strong risk acumen; additional focus on leadership; strong interpersonal skills; delivers precise, accurate results to meet commitments; mentors other team members
  • Collaborate with technical teams to communicate and review findings discovered during an assessment
  • Create and update documentation of processes and associated ongoing improvements
  • Interact with partners as needed to explain work products, security techniques, methodology and results to ensure appropriate business value
  • Provides technical security consulting support to address complex business and technology projects and requests
  • Identify improvements to tools, processes and standards
  • Interfaces with technology partners and industries
  • Serves as a single point of contact for assigned work
  • Provide direction and act as an escalation point for projects and issues for other team members
  • Acts as a mentor and helps junior team members get up to speed on technical and team processes
  • Acts as a backup for other team members and managers
  • Collaborate with CIS partners and other teams as needed

REQUIRED QUALIFICATIONS

  • Bachelor’s degree or equivalent work experience
  • 7+ years of experience in information security, incident response and/or information technologies; 4+ years with Red Team or PenTest teams
  • Strong knowledge of security, incident response and/or network/PC concepts
  • Experience with scripting, editing existing code, and general programming concepts using one or more of the following programs: PowerShell, JavaScript, Perl, Python, VB, bash, C/C++, C#, or Java
  • In-depth knowledge of operating systems such as Windows, Linux, macOS
  • Experience with cloud computing such as Google Cloud, Azure and AWS
  • Advanced networking experience
  • Experience with attack planning and simulation
  • Knowledge and understanding of the MITRE ATT&CK framework and TTPs of cyber attacks
  • Strong research capabilities reporting to the team on emerging topics
  • Demonstrated ability to understand and analyze complex issues, and then apply experience and judgment to develop sound recommendations, particularly related to malware, eDiscovery, current threats/attacks and/or vulnerability management
  • Strong research and writing skills
  • Ability to work with little or no supervision after initial briefing
  • Ability to guide the work of others
  • Know when to alert management if deadlines are at risk
  • Experience in leading a team or a major project
  • Acting as an influencer of colleagues and management
  • Ability to communicate concisely, effectively and directly with management
  • Travel required for site visits

Certifications

  • Certified Offensive Security Professional (OSCP)
  • Certified Red Team Professional (CRTP)
  • GIAC Penetration Tester (GPEN)
  • CREST Penetration Testing / CBEST Qualifications

COMPENSATION AND BENEFITS

This position is eligible for a base salary in the range of $92,000 to $172,000 per year, depending on location and job-related factors such as experience level. Compensation for this position also includes eligibility for short-term incentive compensation and deferred incentive compensation depending on individual and company performance.

Click here for a list of benefits you are eligible for for this position.

Key has implemented a role-based Mobile by Design approach to our employee workspaces, reserving space for those whose roles require dedicated workspaces, while providing flexible options for roles that are less reliant on assigned workspaces and can be performed effectively in a mobile environment. As a result, this role can be mobile or home-based, meaning you may be working primarily in a home office or at a Key facility to perform your duties.

Vacancy expiration date: 09/09/2024

KeyCorp is an equal opportunity, affirmative action employer committed to building a diverse, equitable and inclusive culture. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status or any other protected category.

Qualified individuals with disabilities or disabled veterans who are unable or limited to register through this site may request reasonable accommodations by sending an email to [email protected].

#LI-Remote

Avatar for Vaseline
Vaseline https://newspowergreen.biz.id

You May Also Like

More From Author