Leverage industry and deep technical expertise to assist leadership in effectively planning application and network attack & penetration audits, and other assurance and compliance audits. Responsible for coordinating programs to be executed with internal and external groups and ensuring successful delivery of penetration tests and audits, in line with agreed methods and guidelines. Also responsible for strategic technical planning of engagements for the team in order to advise leadership on the readiness for commencing external audits, and coordinating activities related to audits such as document requests, evidence collection, and liaising with the external auditors and internal departments involved in the audits.
MAJOR DUTIES AND RESPONSIBILITIES
- Actively and consistently supports all efforts to simplify and enhance the customer experience.
- Execute application and network penetration testing that will vary in level of complexity from simple to moderately complex.
- Build penetration testing (ethical hacking) strategy for department analyzing applications and size of testing engagement conducted to satisfy annual testing and compliance requirements.
- Provide oversight and recommendations to team on penetration testing activities and strategy to include governance, general operational effectiveness, and internal projects.
- Identify and determine causes of security violations, summarize findings, and recommend corrective actions to ensure data security.
- Develop and prioritize detailed project and resource planning for entire team conducting recurring penetration testing.
- Guide team members and advise leadership of the technical and business risks of penetration testing by communicating security issues to a wide variety of internal and external departments to include technical teams, senior leadership, risk committees, and vendors.
- Prepare reports and presentations to communicate findings, identified vulnerabilities and impacts, and strategy/budgeting updates to leadership and business partners throughout organization.
- Develop metrics to gauge penetration testing effectiveness, progress and key risk areas identified through internal and external audits that reflect the true posture of the penetration testing environment in order to make educated decisions based on risk.
- Manage relationships between ethical hacking team and external third party penetration testers as required.
- Liaise with internal and external department teams and leadership for coordination of evidence collection necessary for audit execution.
- Monitor workflow of team's penetration testing schedule and handling of potential threats and provide recommendations to prioritize team deliverables.
- Coach and mentor team members and make recommendations to team's penetration testing and findings (peer review) as needed.
- Serve as escalation point in absence of leadership for team members and external departments' inquiries.
- Maintain subject matter expertise in vulnerability threat management, penetration testing, and incident response methodologies to provide technical expertise, education, and support to team members, leadership teams, and external departments.
- Manage relationship with business partners to identify appropriate technologies, policies, communication channels, organizational structures and relationships with third parties.
- Collaborate with leadership, business and system owners on capabilities and maturity of the IT Security vulnerability, compliance, remediation, and threat management programs.
- Update and review department documentation and penetration testing procedure effectiveness to improve and implement processes around data systems security to provide an effective, efficient best of breed service to organization.
- Perform other duties as assigned.
Skills/Abilities and Knowledge
- Ability to read, write, speak and understand English
- Expert experience coordinating and executing penetration testing activities in large, complex environments.
- Maintain subject matter expertise around threats and vulnerabilities to remain aware of the current security threat landscape
- Expert knowledge of internal and external security testing scopes to provide response to meet management expectations.
- Intermediate knowledge of procurement practices for evaluating external vendors and security tools.
- Ability to team well with others to facilitate, schedule, and coordinate required audit activities.
- Demonstrated integrity and judgment within a professional environment.
- Demonstrated ability to think creatively, from different perspectives, in any given scenario.
- Ability to appropriately balance security needs with business impact and benefit.
- Must be able to work independently and with minimal direct supervision.
- Ability to present technical concepts to non-technical audiences.
- Excellent interpersonal and written communication skills to present findings, navigate differences of opinion, work productively with various types of leadership, teams, and employees, vendors, and consultants to seek resolution.
- Ability to be flexible and adjust to multiple demands, shifting priorities, ambiguity, and rapid change.
- Demonstrated good judgment, tact, and decision-making ability.
- Demonstrated good time management, interpersonal, communication, organizational, and decision-making skills.
Bachelor's degree in Cybersecurity, Computer Science or a related discipline, or equivalent work experience;
One or more of the following certifications required or in the process of obtaining:
GIAC Web Application Penetration Tester (GWAPT), GIAC Penetration Tester (GPEN), Certified Ethical Hacker (CEH), Certified Information Security Manager (CISM), Certified Information System Auditor (CISA), and/or Certified Internal Auditor (CIA) or other professional certifications in related area.
Related Work Experience
5 plus years IT work experience in multiple platforms, operating systems, software, communications, and network protocols.
4 plus years IT work experience conducting hands-on penetration testing.
WORKING CONDITIONS
Posting ID: 581221669
Posted: 2020-10-21