SANS ISC: InfoSec Jobs

Red Team Manager
Company: Quest Diagnostics
Location: Secaucus, NJ
Preferred GIAC Certifications: GPEN, GWAPT, GXPN
Travel: 0%
Salary: Not provided
URL: https://careers.questdiagnostics.com/job/it-security-manager-offensive-cybersecurity-red-team-and-ethical-hacking/J3W4JK6XHV58TJVMPKX
Contact Name: Please apply using link
Contact Email: please-apply-using-link/at/questdiagnostics.com
Expires: 2020-11-08

Job Description

Look for more than answers.

Patients and physicians rely on our diagnostic testing, information and services to help them make better healthcare decisions. These are often serious decisions with far-reaching consequences and require sensitivity, tact and a clear dedication to service. It’s about providing clarity and hope.

As an IT Security Manager: Offensive Cybersecurity, Red Team and Ethical Hacking, you will work for the world leader in the industry, with a career where you will have the opportunity to collaborate and affect change while expanding your leadership skills and technical knowledge. You can make a real impact in a market that is growing and developing.

This will be an on-site position working from our Global Headquarters in Secaucus NJ.

IT Security Manager: Offensive Cybersecurity, Red Team and Ethical Hacking, the role:

The IT Security Manager sets the policy and direction of proactive security assessments to identify weaknesses and vulnerabilities in target systems by emulating malicious hacker techniques in a lawful manner.

As the Manager of Offensive Cybersecurity, Red Team and Ethical Hacking, you will have the opportunity to stand up an emerging discipline at Quest and will take ownership of drafting appropriate administrative documentation, including detailed standard operating procedures, incorporating best practices, and metrics.

To ensure success, you will have advanced knowledge of computer and internet security systems and tenacious problem-solving skills. This role is part of Quest’s Cyber Threat Division.

Job responsibilities:

Perform complex ethical hacking assessments and penetration testing against target systems, including mobile devices, servers, web services, web applications, and wireless networks.
Conduct Threat Modeling to identify valuable assets, prioritize vulnerabilities and attack vectors associated with those assets, and address the most likely threats.
Define, document, and follow a structured process for conducting comprehensive ethical hacking assessments.
Produce detailed reports describing vulnerabilities/risks and provide concise guidance to stakeholders to support remediation.
Coordinate with development and other application teams to provide mitigation recommendations, education, and ensure vulnerabilities are effectively resolved.
Serve as an application security subject matter expert for projects.
Investigate infrastructure systems for evidence of a breach/malicious activities, backdoors, misconfigurations, etc.
Provide A/B Testing subject matter expertise to project team members.
Expert knowledge of at least one programming language, including one of the following: JavaScript & Ruby, PHP, Perl, Python.
Conducting multiple penetration testing activities spanning all categories of offensive and defensive security (Red Team, Network, Web Application, Client Side, Wireless, Social Engineering, Dumpster Diving).
Present strategic-level briefings/products to Leadership.
As a member of Quest’s Cybersecurity Incident Response Team (CSIRT), assist with Incident Response activities (investigation, mitigation, attribution) and other special projects.
Researching the Company's systems, applications, network structure, and possible penetration sites.

To qualify, the ideal candidate will have the following skills and experience:

3+ years of IT Security experience specific to offensive cyber, red team, ethical hacking activities.
Demonstrated experience in the following areas: threat modeling, application security, penetration testing, vulnerability management, and security consulting for application and/or infrastructure type projects. Experience with industry standard infrastructure and application assessment tools such as Qualys, Nessus, Burp, Metasploit, Core Impact, Aspect Contrast, Threat Intelligence Platforms.
Familiarity with regulatory and industry security frameworks and best practices such as NIST, OWASP, PCI, SANS. Additionally, experience in planning, implementing and/or supporting the processes associated with the use of these methodologies.
In-depth knowledge and understanding of information risk concepts and principles to ensure relevant business needs have appropriate corresponding security controls.
In-depth knowledge of password-based, session hijacking, DDoS, sniffing, MITM, cryptography, and application layer attacks.
GXPN, GPEN, GWAPT, or similar certifications.
Ability to demonstrate a clear understanding, at an enterprise level, of application, network, infrastructure, and data security architecture.
Experience with IDS/IPS, honeypot, and firewall evasion.
Scripting capabilities for creating custom scripts to identify/exploit vulnerabilities.
Experience working with development team(s) that delivered commercial software or software-based services (development, QA testing, or security role).
Develop low-level tools that improve security testing and monitoring.
Advanced knowledge of networking systems and security software.
Technical knowledge of routers, firewalls, and server systems.

Additional preferred qualifications:

Bachelor’s degree in Information Technology or Computer Science, or equivalent experience; Master’s preferred.
Inherent passion for information security and service excellence.
Excellent analytical skills, able to manage multiple projects under strict timelines, work well in a demanding dynamic environment, and meet overall objectives.
Familiarity with containerization technologies including Docker and Kubernetes.
Quantified record of identifying zero-day vulnerabilities and collection of points/rewards.
Strong analytical skills to identify and analyze security requirements and relate them to appropriate security policies, standards and/or controls. Ability to ensure that applications and infrastructure are designed, built and maintained in accordance with corporate, IT and Security policies and standards.
Ensure that technical solutions effectively meet and support business needs. Proven ability to handle and prioritize multiple assignments, often within limited time constraints.