Penetration Testing, Associate Vice President

About The Position

Requirements

• 3+ years of experience in application and infrastructure penetration testing, utilizing industry-standard penetration-testing methodologies and security concepts such as OWASP, and the MITRE ATT&CK framework
• 3+ years of experience employing testing frameworks and tools such as Burp Suite, Metasploit, Cobalt Strike, Kali Linux, Nessus, PowerShell Empire, AutoSploit, Ghidra, IDAPro, OllyDbg, Fiddler
• 3+ years of experience penetration testing in one or more of the following technology areas: network infrastructure (Routers, switches...); security products and services (FW, IDS, IPS, AV...); active directory, servers, services, desktops and mobile devices; operating systems (Windows, Unix/Linux/AIX); databases (MySQL, SQL, DB2...); cloud and container technologies like AWS, Azure, Oracle and Kubernetes
• Operational experience in one or more of these areas: post exploitation, exploitation development, or binary reverse engineering
• Experience with cloud security configurations and understanding of cloud service models (IaaS, PaaS, SaaS)
• Solid understanding of automated security tools and manual testing techniques
• Experience using scripting languages such as Python, PowerShell, Bash, and/or Ruby for automation of testing processes
• Experience creating thorough assessment reporting and documentation
• Keen attention to detail
• Communicates effectively
• Identifies multiple paths to success using analytical and critical thinking as well as decision-making skills
• Exercises sound judgement, prioritizes effectively, and strives for continuous improvement
• Effectively collaborates with colleagues
• Seeks out and leverages available technology to drive efficiency and results
• Understands and applies industry trends and best practices
• Exhibits optimism, resilience, flexibility, and openness to others' ideas
• Values learning as a lifelong professional objective
• Engages inclusively and with intent
• Always acts with integrity

Nice To Haves

• Active certification in one or more of the following disciplines is highly desirable: CEH, GPEN, GCIH, OSCP, OSWE, or similar

Responsibilities

• Conduct black/grey/white-box penetration testing of applications and infrastructure assets to identify exploitable vulnerabilities across MUFG assets
• Scope and perform penetration testing and vulnerability research on complex proprietary software and hardware for client services
• Create custom tools and/or modify existing tools to aid with automation of vulnerability detection
• Prepare reporting on issues found including severity calculation, steps to reproduce, and mitigation/remediation recommendations
• Work closely with infrastructure and application development teams to ensure identified findings are understood and effectively mitigated or remediated in a timely manner
• Continuously research new exploitation/attack techniques for current technology stacks
• Ensure awareness of industry trends and security best practices
• Collaborate on the development of an internal training program for all levels of penetration testers to grow and develop the technical skills needed to be proficient
• Provide technical training and guidance to junior and peer team members

Benefits

• comprehensive health and wellness benefits
• retirement plans
• educational assistance and training programs
• income replacement for qualified employees with disabilities
• paid maternity and parental bonding leave
• paid vacation, sick days, and holidays