Threat Emulation and Exploit Engineer

The Vanguard Group•Charlotte, PA

11d•Hybrid

About The Position

Global Risk and Security (GR&S) at Vanguard enables business strategy, protects client and Vanguard interests (e.g., assets and data), and stewards a strong risk culture. Our teams leverage enterprise-wide insights, deep expertise, and trusted advice so that across Vanguard leaders and crew drive faster, stronger, risk-informed decisions. Within GR&S, the Enterprise Security and Fraud (ES&F) sub-division is responsible for the global protection of Vanguard crew, property, data, and client assets. We are the trusted advisors that protect the pride of Vanguard with state-of-the-art security and fraud capabilities. We are a world-class destination of highly engaged, passionate, and diverse talent expected to continuously learn and develop in an ever-changing security landscape.

Requirements

Minimum of five years related work experience, with three years experience in penetration testing, web application assessments, red teaming, or cyber threat emulations.
Experience in assessing and evaluating threats, vulnerabilities, and exploits to identify potential risks and mitigation strategies.
Proficiency in analyzing and replicating threat actors’ tactics, techniques, and procedures.
Undergraduate degree in a related field or the equivalent combination of training and experience.

Nice To Haves

OSCP, OSWA, CRTO, or CPTS certifications are preferred.

Responsibilities

Leads and responds to escalated cyber security alerts, cyber incidents, or related security investigations. Identifies real-time complex attack patterns and suggests mitigation strategies.
Leads the processes, tools and measures to monitor and detect compromises, risks, vulnerabilities, network security threats, tools and tactics used by modern and emerging threat actors. Facilitates security operations and incident response technologies and methodologies.
Develops, manages, maintains and enhances security controls (alerts, rules, policies, and signatures) for the security platforms.
Reviews the network environment for new and evolving cyber threats and providing preventive and remedial solutions. Identifies malicious activity by performing analysis on logs, traffic flows, and other investigative detective activities.
Conducts penetration testing, vulnerability assessments and threat modeling. Evaluates risks and makes recommendations.
Provides written assessments focused on threats, vulnerabilities, and technologies relevant to Vanguard Infrastructure.
Leads with IT and business teams to ensure prompt and effective distribution of findings so incidents are effectively addressed. Provides department support to the business on enterprise wide security initiatives and projects.
Mentors junior team members to improve their technical acumen
Participates in special projects and performs other duties as assigned.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume