Who we are looking for

The Security Engineer will act as a member of the Control Assessment and Testing Team (CATT) within the Corporate Information Security (CIS) and will serve as a primary technical resource for penetration testing as well as an advisor on technical and policy matters involving the security of information systems.

The Security Engineer will conduct comprehensive assessments of the operational and technical security controls used by an enterprise applications and critical infrastructure.  These assessments help determine the overall effectiveness of the controls and the extent to which they are implemented adequately and correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system. The Security Engineer will interact directly with Application and Infrastructure SMEs, Program Management, Information Security Officers (ISOs) and System Owners. Application of technical expertise and a comprehensive understanding of the related IT controls are required, but not limited to the following areas: Access and Authentication, Data Security, Secure Software Management, Infrastructure Operations, Network Edge Protection, and Vulnerability Management.

What you will be responsible for

As Red Team Security Engineer you will

• Perform simulated attacks on systems to identify protective and detective gaps in Cyber functions.
• Test enterprise defenses; attacking, detection avoidance and preventing circumvention to determine level of risk and exposure.
• Perform full, detailed security risk assessments and penetration tests on a wide variety of high or critical business solutions that include but are not limited to software, hardware, networks, and mobile devices as well as complex solutions that may include any number of the above configurations
• Ensure compliance of system and application security in accordance with corporate security practices/guidelines and relevant technology standards.
• Identifying control gaps and work with application SMEs to provide actionable risk remediation activities and timelines.
• Prepare final security assessment reports containing the results and findings from the assessment.
• Iteratively enhance the overall assessment processes. Follow and advance the security risk assessment methodology
• Conduct follow up and assist with resolution of all findings (internal/external audit, other)
• Document and standardize testing methodologies, toolsets and reporting standards
• Educate users/colleagues on information security topics such as policies, standards, guidelines and best practices

What we value

These skills will help you succeed in this role

• Expertise in Windows, Linux, and Networking
• Knowledge of Cloud Security Concepts
• Deep knowledge of attack frameworks such as Mitre ATT&CK
• 3+ years of Penetration Testing and Security Assessments
• 5+ years of Cybersecurity
• 3+ years of Vulnerability Scanning
• On-Site working is not required for this position.  Remote location arrangements will be considered.

Education & Preferred Qualifications

• Education: Bachelor's
• Licensing:  CISSP, OSCP, CEH, or equivalent