ESSENTIAL JOB FUNCTIONS
As an Adversary Emulation Senior Director, you help lead members of the offensive security team to enhance the firm's cybersecurity or resiliency posture by using industry-standard assessment methodologies and techniques to proactively identify risks and vulnerabilities in people, processes, and technology. Design and deploy risk-driven tests and simulations and inform analysis to clearly outline root causes. In this role, evaluate preventative controls, incident response processes, and detection capabilities, and advise cross-functional teams on security strategy and risk management.
The Adversary Emulation Senior Director will play a role in testing various aspects such as Application Security, Cloud Security, Consumer Fraud, Critical Infrastructure, Data Exfiltration, Emerging Technology, Hardware, Insider Threat, Mainframes, Network Security, Physical Security, Security Controls, and Social Engineering. The successful candidate will have a proven track record in cybersecurity. Additionally, the candidate will be able to demonstrate a general knowledge of computer networking fundamentals, modern threats and vulnerabilities, attack methodologies, and penetration testing tools. The Adversary Emulation team consists of highly skilled and qualified members who conduct advanced adversary emulation operations to replicate cybersecurity threats targeting the firm.
Responsibilities include, but may not be limited to, the following:
KNOWLEDGE AND EXPERIENCE
10+ years of experience in cybersecurity or resiliency with focuses on securing multiple proficiencies including application security, cloud security, data exfiltration, emerging technology, hardware, mainframe security, network security, physical security and other security controls
5+ years of experience in offensive security testing, including performing targeted, covert security tests with vulnerability identification, exploitation, and post-exploitation activities
3+ years of leading a highly motivated offensive security testing team
Strong understanding of the following: networking fundamentals (all OSI layers, protocols); Windows/Linux/Unix/Mac operating systems as well as software vulnerability and exploitation techniques; commercial or open-source offensive security tools for reconnaissance, scanning, exploitation and post-exploitation (e.g. Cobalt Strike, Metasploit, Nmap, Nessus, Burp Suite)
Familiarity with system administration skills such as configuration, maintenance, and interpretation of log output from networking devices, operating systems, and infrastructure services, as well as with cloud architecture, operations, and security vulnerabilities
Experience in multiple businesses or verticals, with organizational and cultural understanding of call centers, payments processes, and client service/sales organizations
Expertise in collaborating with high-performing teams and individuals throughout the firm to accomplish common goals
Knowledge of US financial services sector cybersecurity or resiliency organization practices, operations risk management processes, principles, regulations, threats, risks, and incident response methodologies
Ability to identify systemic security or resiliency issues as they relate to threats, vulnerabilities, or risks, with a focus on recommendations for enhancements or remediation, and proficiency in multiple security assessment methodologies (e.g., Open Worldwide Application Security Project (OWASP) Top Ten, National Institute of Standards and Technology (NIST) Cybersecurity Framework), offensive testing tools, or resiliency testing equivalents