Vice President, Security Remediation (Risk & Offensive TTPs)

About The Position

Requirements

• 10+ years of IT systems engineering or IT security engineering experience
• Bachelor's degree in computer science or cyber security is preferred.
• Proven experience in secure design and operations of IT systems
• Cloud (Azure, AWS, GCP) security testing experience preferred both offensive and defensive
• Web API / web service dev/ops or API security experience
• Strong communicator, both verbal and written
• Commitment to advancing skills in the IT risk/security field
• Demonstrated success leveraging scripting and automation skills to improve IT processes and workflows
• Excellent problem-solving abilities and analytical mindset
• Demonstrated understanding of computer engineering fundamentals including familiarity with common offensive and defensive tactics
• Proven success in challenging operational environments including dealing with change, ambiguity and competing priorities
• Risk management experience a plus
• Web development or reversing or exploitation experience preferred
• Familiarity with IP stack and related protocols a must
• Familiarity with web services, servers and related protocols a must
• Experience in one or more of Linux, Windows, Active Directory, Azure Directory, O365
• Familiarity with one or more of BurpSuite, PostFix, Mulesoft or other API proxies, is a plus
• Familiarity with data integration systems and concepts is a plus
• Incident handling/response, malware analysis, adversarial emulation, and offensive skills are a plus
• OSCP, OSWE or OSCE certifications or equivalent demonstrated skills are a strong plus

Responsibilities

• Identify vulnerabilities, exploit weaknesses, and challenge assumptions within security protocols, enabling the organization to understand potential threats from an attacker's perspective
• Replace and extend current manual processes through automation or other appropriate techniques
• Develop and implement additional risk and performance metrics
• Design and supervise implementation of data quality controls and workflows
• Improve vulnerability discovery and risk-based prioritization models
• Collaborate on event management and treatment of emergent vulnerabilities
• Engage with peers in IT architecture and operations, security architecture, red team, effectiveness testing team, hunt team, CTI team, SOC, and other teams to identify and pursue additional opportunities for improvement
• Collaborate with data integration/analytics team to integrate additional findings and finding types into the vulnerability data model

Benefits

• We’re proud to offer a range of competitive benefits, a summary of which can be viewed here: US Benefits Overview
• At AIG, our people are our greatest asset. We know how important it is to protect and invest in what’s most important to you. That is why we created our Total Rewards Program, a comprehensive benefits package that extends beyond time spent at work to offer benefits focused on your health, wellbeing and financial security—as well as your professional development—to bring peace of mind to you and your family.