Ethical Hack Analyst
Sorry, this job was removed at 11:17 a.m. (EST) on Thursday, August 8, 2019
By clicking Apply Now you agree to share your profile information with the hiring company.
- Conduct internal and external Penetration Tests and Red Team assessments using a variety of tools to identify vulnerabilities and exposure within MassMutual enterprise networks, systems, and applications
- Partner with Security Operations Center and Incident Response Teams for Purple Team assessments
- Work with Security Intelligence to identify and test real world adversarial tactics, techniques, and procedures.
- Develop custom simulations and tools for continuous automated testing
- Work with third party pen testers as needed
- Provide written, and verbal descriptions of the security issues identified, articulate risk and impact providing recommendations for addressing the identified issues
- Be a participating member in cross training and continuous improvement activity across the Cyber teams
- Develop, research, and maintain proficiency in tools, techniques, countermeasures, and vulnerabilities trends ranging from data compromise/destruction, covert communications, encryption attacks and more
- Participate in Financial sector and Information Security communities to share and consume intelligence to further enhance testing capabilities.
BASIC QUALIFICATIONS:
- 3-5 years’ experience working in the Information Security field, including any of the following: threat intelligence, security operations, incident response, and/or vulnerability management
- Excellent problem solving/analytical thinking skills
- Demonstrated experience performing penetration testing or similar risk assessments
- Experience with security assessment tools, including Nessus, WebInspect, AppDetective, Hailstorm, Metasploit, Burp Suite Pro, Cobalt Strike, or Empire
- Experience with scripting and editing existing code and programming using one or more of the following: Python, PowerShell, Ruby, bash, C/C++, or Java
- Experience with security assessment tools, including; Nessus, Hailstorm, Metasploit, Burp Suite Pro, Cobalt Strike, or Empire
- Demonstrated written and verbal communication skills necessary to convey identified security issues in reports and other formal communication
- Authorized to work in the United States with sponsorship now or in the future.
PREFERRED QUALIFICATIONS
- High intellectual curiosity and a desire for continued learning
- Industry certifications such as GREM, GCFA, GCFE, CEH, GREM, GCFA, GCFE, OSCP, CPT, CEPT, GPEN, etc. are desirable
- BA or BS degree in Cyber Security, Computer Science, or Criminal Justice with a focus in Cyber Security is desirable
See More