United States
16 hours ago
Adversary Emulation Senior Director

ESSENTIAL JOB FUNCTIONS

 

As an Adversary Emulation Senior Director, you help lead members of the offensive security team to enhance the firm's cybersecurity or resiliency posture by using industry-standard assessment methodologies and techniques to proactively identify risks and vulnerabilities in people, processes, and technology. You design and deploy risk-driven tests and simulations and inform analysis to clearly outline root causes. In this role, you evaluate preventative controls, incident response processes, and detection capabilities, and advise cross-functional teams on security strategy and risk management.

The Adversary Emulation Senior Director will play a role in testing various aspects such as Application Security, Cloud Security, Consumer Fraud, Critical Infrastructure, Data Exfiltration, Emerging Technology, Hardware, Insider Threat, Mainframes, Network Security, Physical Security, Security Controls, and Social Engineering. The successful candidate will have a proven track record in cybersecurity. Additionally, the candidate will be able to demonstrate a general knowledge of computer networking fundamentals, modern threats and vulnerabilities, attack methodologies, and penetration testing tools. The Adversary Emulation team consists of highly skilled and qualified members who conduct advanced adversary emulation operations to replicate cybersecurity threats targeting the firm.


Responsibilities include, but may not be limited to, the following:

Manage and Coordinate the Adversary Emulation Security Team: Manage members of the Offensive Security Team, 3rd party engagements, and coordination between teams to conduct various team activities, including penetration testing, red team operations, purple team exercises, and vulnerability assessments.
Conduct Penetration Testing: Coordinate testing, and conduct comprehensive penetration tests on various systems, applications, networks, and physical security controls to identify vulnerabilities and security gaps.
Red Team Operations: Engage in simulated adversarial attacks to evaluate the effectiveness of existing security measures, response strategies, and incident handling processes.
Purple Team Exercises: Conduct purple team exercises to perform adversary emulation against security controls and work with teams and/or measure responses directly to determine security control effectiveness and where enhancements may need to be applied.
Vulnerability Assessment: Analyze and assess vulnerabilities discovered during tests, including but not limited to network infrastructure, web applications, databases, and end-user devices.
Report Findings: Manage and communicate findings, including detailed reports of vulnerabilities, risk assessments, and recommended remediation strategies to both technical and non-technical stakeholders.
Collaboration: Work closely with the IT and security teams to understand current security architecture and assist in developing strategies to mitigate identified risks.
Compliance: Ensure that penetration testing activities adhere to relevant compliance standards and regulations, including those specific to the casino industry such as PCI-DSS and other gaming regulations.
Continuous Improvement: Stay current with the latest security trends, techniques, and vulnerabilities, and apply this knowledge to continuously improve the security posture of the casino.
Training and Awareness: Provide guidance and training to internal teams on best practices for security and how to address identified vulnerabilities.

KNOWLEDGE AND EXPERIENCE

10+ years of experience in cybersecurity or resiliency with focuses on securing multiple proficiencies including application security, cloud security, data exfiltration, emerging technology, hardware, mainframe security, network security, physical security and other security controls
5+ years of experience in offensive security testing, including performing targeted, covert security tests with vulnerability identification, exploitation, and post-exploitation activities
3+ years of leading a highly motivated offensive security testing team
Strong understanding of the following: networking fundamentals (all OSI layers, protocols); Windows/Linux/Unix/Mac operating systems as well as software vulnerability and exploitation techniques; commercial or open-source offensive security tools for reconnaissance, scanning, exploitation and post-exploitation (e.g. Cobalt Strike, Metasploit, Nmap, Nessus, Burp Suite)
Familiarity with system administration skills such as configuration, maintenance, and interpretation of log output from networking devices, operating systems, and infrastructure services, as well as with cloud architecture, operations, and security vulnerabilities
Experience in multiple businesses or verticals, with organizational and cultural understanding of call centers, payments processes, and client service/sales organizations
Expertise in collaborating with high-performing teams and individuals throughout the firm to accomplish common goals
Knowledge of US financial services sector cybersecurity or resiliency organization practices, operations risk management processes, principles, regulations, threats, risks, and incident response methodologies
Ability to identify systemic security or resiliency issues as they relate to threats, vulnerabilities, or risks, with a focus on recommendations for enhancements or remediation, and proficiency in multiple security assessment methodologies (e.g., Open Worldwide Application Security Project (OWASP) Top Ten, National Institute of Standards and Technology (NIST) Cybersecurity Framework), offensive testing tools, or resiliency testing equivalents
All Jobs from Caesars