Principal Red Team Operator - Penetration Testing Remote
Principal Red Team Operator - Penetration Testing Remote
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Not Disclosed
Salary Not Disclosed
1 Vacancy
Job Description
AbbVie Information Security is looking for a highly motivated experienced and skilled specialist to join the Attack Surface Management (ASM) team. AbbVies Advanced Security Testing team protects AbbVies patients data and brand by identifying vulnerabilities and threats to our organization through the use of simulated cyber security attacks. Advanced Security Testing is a capability of ASM within the larger Cyber Security Operations (CSO) function. Join us as Principal Red Team Operator to support and improve our efforts to identify and reduce AbbVies attack surface and help our business continue to have remarkable impacts on peoples lives.
This position can be virtual anywhere in the U.S.
The Principal Security Specialist is a key member of the Advanced Security Testing team and will lead efforts in planning developing and executing adversarial exercises against our networks systems applications and users. The Principal Security Specialist will work with internal and external groups to lead communications around risks identified throughout AbbVies environment. This role will make a difference by working with AbbVies defenders to secure our organization against current and emerging threats.
The ideal candidate will have extensive experience performing penetration tests against systems applications and networks in a large enterprise environment and working with stakeholders to communicate the impact of identified vulnerabilities and recommending remediation plans.
Responsibilities
- Assist in the development and delivery of overall strategy for the organizations Advanced Security Testing (red team) strategy
- Propose design plan and execute advanced technical penetration testing exercises (announced and covert) to identify weaknesses in AbbVies environment and monitoring/response programs
- Execute maintain and improve the Advanced Security Testing teams stakeholderdefined tactical red team campaign service
- Develop implement and maintain a comprehensive red team maturity model to identify and track key milestones in red team program maturity
- Development maintenance and delivery of key program metrics
- Mentoring and development of junior members of the Advanced Security Testing team
- Perform testing of web and mobile applications to determine the existence or extent of suspected vulnerabilities in support of AbbVies Emerging Threat process
- Develop and deliver highquality reporting and presentations to communicate technical findings to relevant stakeholders
- Identify and recommend strategic and tactical remediation or mitigation strategies to provide an effective approach to risk management for identified issues
- Provide leadership on exploits techniques and countermeasures to members of the Information Security team including AbbVies Cyber Security Incident Response Team (CSIRT) and junior red team staff members
- Act as a red team operator when needed to support the execution of purple team exercises
- Collaborate with AbbVies Threat Detection team to design purple team exercises and measurement
- Identify and implement enhancements to tools standards and processes; provide input into policies and procedures and contribute to the implementation and refinement of the strategy for the Information Security program on a global basis
Qualifications :
- Bachelors Degree and 8 years of experience OR Masters Degree and 7 years experience OR PhD and 3 years experience
- Ability to execute in an autonomous manner contributing to decisions based on specialized knowledge
- Willingness to be available as needed for major and critical security issues
- Demonstrated critical thinking problem solving and analytical skills; investigates defines and resolves critical issues
- Advanced level knowledge of the following:
- Operating systems (including Windows Linux Unix and MacOS)
- Networking fundamentals and technologies
- Cloud computing
- Application architectures and technologies
- Penetration testing techniques and tactics including reconnaissance initial access persistence lateral movement collection and exfiltration
- Expertlevel experience in manual vulnerability identification and testing
- Significant experience in exploit identification and development
- Advancedlevel experience in static code analysis using commercial and opensource tools
- Candidate must have an advanced understanding of security controls such as authentication authorization access control cryptography and network protocols along with security standards and frameworks including Mitre ATT&CK OWASP Top 10 SANS 25 NIST and CVE
- Written and verbal communication skills are critical
- Adept at communicating concepts to diverse audiences with varying skill sets
- Certifications such as OSCP OSCE OSWP or ECSA are strongly preferred
Additional Information :
Applicable only to applicants applying to a position in any location with pay disclosure requirements under state or local law:
The compensation range described below is the range of possible base pay compensation that the Company believes in good faith it will pay for this role at the time of this posting based on the job grade for this position. Individual compensation paid within this range will depend on many factors including geographic location and we may ultimately pay more or less than the posted range. This range may be modified in the future.
We offer a comprehensive package of benefits including paid time off (vacation holidays sick) medical/dental/vision insurance and 401(k) to eligible employees.
This job is eligible to participate in our shortterm incentive programs.
This job is eligible to participate in our longterm incentive programs
Note: No amount of pay is considered to be wages or compensation until such amount is earned vested and determinable. The amount and availability of any bonus commission incentive benefits or any other form of compensation and benefits that are allocable to a particular employee remains in the Companys sole and absolute discretion unless and until paid and may be modified at the Companys sole and absolute discretion consistent with applicable law.
AbbVie is an equal opportunity employer and is committed to operating with integrity driving innovation transforming lives serving our community and embracing diversity and inclusion. It is AbbVies policy to employ qualified persons of the greatest ability without discrimination against any employee or applicant for employment because of race color religion national origin age sex (including pregnancy) physical or mental disability medical condition genetic information gender identity or expression sexual orientation marital status status as a protected veteran or any other legally protected group status.
US & Puerto Rico only to learn more visit ;
US & Puerto Rico applicants seeking a reasonable accommodation click here to learn more:
Remote Work :
Yes
Employment Type :
Fulltime
Employment Type
Remote
