AVPSenior ManagerManager - Cyber Security

Job Description:

• Conduct high risk and sensitive ethical hacks of internally and externally hosted applications according to scope defined by Red team.
• Coordinate and execute system/network level advanced red team and ethical hacking exercises.
• Design and develop scripts frameworks and tools required for facilitating and executing complex undetectable attacks.
• Reviews results of network and application ethical hacks in order to determine severity of findings and to ensure proper remediation is applied.
• Performs penetration and remediation testing & reporting through the application of expert ethical hacking and penetration techniques in a fastpaced highly technical environment.
• Provide accurate and timely reporting of findings and proposed remediation and mitigations.
• Coordinate Red team operational briefings and presentations to nontechnical audience and executive management as required.
• Technical support could include but not limited to the following: (1) Audit support & remediation (2) Process Improvement (3) Analysis & Reporting (4) Cross Divisional Functional education training and awareness (5) Function/Methodology/Strategy advancement.
• Perform research of emerging technologies and design frameworks and capabilities required to perform Red team exercises of new technologies adopted.
• Able to work at an intermediate level when executing and improving work processes to ensure achievement of business goals.
• Broad responsibilities will be to develop maintain and enhance a worldclass infrastructure for conducting Red Team Operations:
• Utilize Red Team / Penetration Testing experience to architecturally design a secure operational environment.
• Daytoday management of red team infrastructure
• Communications on how to effectively employ Red Team tools and services and what capabilities are available
• Provide consultative guidance to Red Team Lead on feasibility of scoped operations as well as input into remediations and paths for effectively addressing identified vulnerabilities from past campaigns
• Plan scope and oversee red team infrastructure design modifications for both continuous testing assignments and targeted exercises for
• Development of automation mechanisms for reporting and provisioning of the infrastructure when requested
• Developing configuring updating and providing the Red Team physical / wireless field kits which contain common tools and hardware for conducting onsite operations
• Support Red Team Lead in operational support request and progression of the service
• Develop and conduct relevant cyber incident tabletop exercises for both technical and nontechnical participants.
• Develop the Red Team framework and supporting documentation/processes.
• Review security vulnerabilities and determine what mitigations are needed to minimize risk to the organization via enhancements to the existing environment.
• Perform manual system penetration testing including web applications security controls and mobile deployments beyond the use of automated tools.
• Plan and drive internal and external Red Team exercises to mimic adversary tactics and work closely with the Blue Team to test existing controls and detection capabilities.
• Explore and participate in proofofvalues and evaluation for new cybersecurity solutions.
• Perform internal red team program assessments including Penetration Testing Red/Blue Teaming Programs Cyber Tabletop Exercises
• Summarize assessments for senior leadership including areas of success and areas of opportunities
• Perform complex security related testing creating test cases performing manual and automated tests
• Report on problems encountered and documenting test results for followup
• Analyse security test results draw conclusions from results and develop targeted testing as deemed necessary
• Develop processes and implement tools and techniques to perform ongoing security assessments of the environment
• Identify and remediation of any findings which are produced by the associated programs with the other Cybersecurity departments as well as Cybersecuritys Business and Information technology partners
• Work closely with other groups within the Global Technology organization in order to develop the strong partnerships required to meet cybersecurity technology goals integrating the designs for secure application network and product development supporting business intelligence.

Key Skills:

• Certification like CISSP CISA or CISM
• Ability to handle senior management escalation.
• Vendor management Skills
• Effective communication
• Proficient team leader
• Strategic skills
• Decision making and communication.
• Risk management skills
• Knowledge of latest cyber security trends & global industry best practices pertaining to financial Industry
• Technical working knowledge understanding of SIEM technology various other security technology (EDR NDR HIPS WAF IDS IPS Firewall Networking) etc.
• Network penetration testing and manipulation of network infrastructure
• Mobile and/or web application assessments
• Email phone or physical socialengineering assessments
• Shell scripting or automation of simple tasks using Perl Python or Ruby
• Understanding of Developing extending or modifying exploits shellcode or exploit tools
• Understanding of Developing applications in C# ASP .NET Objective C Go or Java (J2EE)
• Reverse engineering malware data obfuscators or ciphers
• Source code review for control flow and security flaws
• Strong knowledge of tools used for wireless web application and network security testing
• Thorough understanding of network protocols data on the wire and covert channels
• Mastery of Unix/Linux/Mac/Windows operating systems including bash and PowerShell
• Polished presentation skills to include capabilities at technical executive and board levels

Experience:

• Overall 12 15 year on experience in Information/Cyber Security
• Experience in managing Red Team for 5 years
• Experience in managing 5 members team which may include vendor teams.
• CREST Certified Simulated Attack Specialist (CCSAS)
• CREST Certified Simulated Attack Manager (CCSAM)
• CREST Certified Tester of Infrastructure (CCT INF)
• Offensive Security Certified Expert (OSCE)
• Offensive Security Evasion Techniques and Breaching Defences (OSEP)
• Offensive Security Advanced Windows Exploitation (OSEE)
• Penetration Testing and Ethical Hacking/Purple Team SANS courses

Cyber Security,Information Security,Firewall,Red Team