Senior Red Operation & Team Penetration Testing Analyst
About The Position
This dynamic role requires broad understanding of red team operations and penetration testing principles to support Aegon’s Security program. As a part of the Red Team within the global SOC, you will be a part of the Security Operations team responsible for unannounced red team operations and managing penetration tests. The Red Team conducts advanced adversary emulation operations to challenge assumptions and emulate cyber and criminal threat actors targeting or attacking the business. As a Red Team member, you will participate in the design and execution of campaign-based security operations for Aegon, spanning a varying array of targets. Successful team members must be capable of evaluating environments, applications, systems or processes to discover weaknesses, and subsequently leverage those discoveries into actionable real-world attack strategies. To succeed in this role the candidate will possess breadth and depth of knowledge in security of operating systems, networking and protocols, firewalls, databases and middleware applications, forensics, scripting and programming. Red team members are expected to continuously improve their tradecraft through research, to add breadth and depth to their knowledge.
Requirements
- Do No Harm approach: operational objectives cannot come at the expense of others
- Growth Mindset. Excited for opportunities to solve new problems every day
- Helpful demeanor. We are trusted adversaries and trust needs to remain strong
- Customization of Adversarial Tools: Cobalt Strike BOFs, Mythic Agent profiles, and adding new exploits to MSF are examples
- Defender experience and knowledge. Utilizing Splunk and finding risks
- Web application penetration testing assessments
- Email, phone, or physical social-engineering assessments
- Developing, extending, or modifying exploits, shell code or exploit tools
- Network penetration testing and manipulation of network infrastructure
- Relevant, recent and verifiable experience in information security and adversary simulation
- Detailed knowledge of global cyber threats, threat actors, and the tactics, techniques and procedures used by cyber adversaries, specifically those targeting the financial services sector
- Experience with Red, Blue, or Purple teaming exercises
- Industry certifications such as OSCP, OSCE, OSWE, GPEN, GCIH, GWAPT, or GXPN
- 3 or more years of Penetration Testing/Red Team experience
- Ability to define and communicate complex technical risk problems, concepts and situations to multiple skill levels, including business personnel with little to no cyber experience
- Proficiency with Microsoft Office, Preference given to candidates with deep Excel and PowerPoint skill sets
- Experience with systems such as Service Now, JIRA, and equivalent
- Ability to fluently read, write and speak English
- Experience with leading group discussion and presenting to varying levels and audiences
- Self-motivated and self-management skills
Nice To Haves
- Strong knowledge of Penetration Testing and covert Red Team operations and Information Security demonstrated by one or more of the following:
- Bachelor degree in Information/Cyber Security, Information Risk, Information Risk Management or equivalent experience
- Bachelor degree in Information Systems, Computer Science, Information Management or similar four-year technical degree or equivalent experience, combined with one or more of the following:
- Active Cyber Security certifications
- Experience in Insurance, Payments, Banking or other Fin-Tech Industries
- Strong preference for candidate with excellent Excel and PowerPoint skills
Responsibilities
- Find new and creative ways to break technology through either Red Team or Purple Team operations
- Plan, scope, and implement large scale covert operations that have sophisticated goals and significant impact
- Develop new adversary tools, techniques, or methodologies
- Threat Hunting opportunities to partner with the teams Threat Hunters, using our special adversarial talents to discover and eradicate threats
- Engagement in all phases of Red Team security operations
- Work within the Red Team to perform physical exploitation, network exploitation and social engineering assessments against authorized targets
- Perform network reconnaissance and open-source intelligence gathering
- Configure and safely utilize attack tools, tactics, and procedures against authorized targets
- Develop scripts, tools, or methodologies to enhance red teaming capabilities
- Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel
- Provide risk-appropriate and pragmatic recommendations to correct identified flaws, vulnerabilities and misconfigurations
Benefits
- Competitive Pay
- Bonus for Eligible Employees
- Pension Plan
- 401k Match
- Employee Stock Purchase Plan
- Tuition Reimbursement
- Disability Insurance
- Medical Insurance
- Dental Insurance
- Vision Insurance
- Employee Discounts
- Career Training & Development Opportunities
- Paid Time Off starting at 160 hours annually for employees in their first year of service.
- Ten (10) paid holidays per year (typically mirroring the New York Stock Exchange (NYSE) holidays).
- Be Well Company holistic wellness program, which includes Wellness Coaching and Reward Dollars
- Parental Leave – fifteen (15) days of paid parental leave per calendar year to eligible employees with at least one year of service at the time of birth, placement of an adopted child, or placement of a foster care child.
- Adoption Assistance
- Employee Assistance Program
- Back-Up Care Program
- PTO for Volunteer Hours
- Employee Matching Gifts Program
- Employee Resource Groups
- Inclusion and Diversity Programs
- Employee Recognition Program
- Referral Bonus Programs
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
