Offensive Security Internal Red Team Lead

Offensive Security Internal Red Team Lead - 620

Job Description

Who we are looking for

The Internal Red Team Lead will act as a member of the Offensive Security team within the Global Cyber Security group and will serve as a primary technical resource for penetration testing as well as an advisor on technical and policy matters involving the security of information systems.

This senior Security Engineer role will conduct comprehensive assessments of the operational and technical security controls used by an enterprise applications and critical infrastructure. These assessments help determine the overall effectiveness of the controls and the extent to which they are implemented adequately and correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system. The Security Engineer will interact directly with Application and Infrastructure SMEs, Program Management, Information Security Officers (ISOs) and System Owners. Application of technical expertise and a comprehensive understanding of the related IT controls are required, but not limited to the following areas: Access and Authentication, Data Security, Secure Software Management, Infrastructure Operations, Network Edge Protection, and Vulnerability Management.

What you will be responsible for

• Assist with distribution of work assignments to other Red Team members.
• Test enterprise defenses; attacking, detection avoidance and preventing circumvention to determine level of risk and exposure.
• Perform full, detailed security risk assessments and penetration tests on a wide variety of high or critical business solutions that include but are not limited to software, hardware, networks, and mobile devices as well as complex solutions that may include any number of the above configurations
• Ensure compliance of system and application security in accordance with corporate security practices/guidelines and relevant technology standards.
• Identifying control gaps and work with application SMEs to provide actionable risk remediation activities and timelines.
• Prepare final security assessment reports containing the results and findings from the
• assessment.
• Iteratively enhance the overall assessment processes. Follow and advance the security risk assessment methodology
• Assist with resolution of all findings as needed
• Document and standardize testing methodologies, toolsets and reporting standards
• Educate users/colleagues on information security topics such as policies, standards, guidelines and best practices
• Perform scheduled firewall ruleset reviews
• Create ad hoc and monthly executive management reports

What we value

• Methodologies for Infrastructure and Application Penetration Testing
• Deep knowledge of attack frameworks, such as MITRE ATT&CK
• Execute Vulnerability Scanning
• Cloud Security Concepts
• IT and Network infrastructure technologies
• Familiarity various penetration test utilities and tool suites
• Ability to perform light programming tasks using common languages such a python and bash
• Demonstrated ability to identify core issues and work with leaders and team members to resolution
• IT and Network infrastructure technologies
• Ability to perform light programming tasks using common languages such a python and bash
• Ability to consider short term and long term implications of a recommended solutions
• Demonstrated ability to identify core issues and work with leaders and team members to resolution
• Strong organizational, task switching, and prioritizing skills
• Ability to work independently and solve challenging problems while collaboration with stakeholders
• Knowledge and interest in current vulnerability related trends
• Attention to detail
• Driving to results
• Strategic thinking
• Collaboration and influencing
• Working professionally with confidential information
• Presentation skills, both orally and written
• Ability to work well with others and under pressure
• Demonstrated professionalism in approach to communicating ideas and solutions in simple language

Experience Desired

5+ years of Penetration Testing and Security Assessments

7+ years of Cybersecurity

5+ years of Vulnerability Scanning

OSCP, CEH, or CISSP preferred.   CSPM a plus.

About State Street

What we do. State Street is one of the largest custodian banks, asset managers and asset intelligence companies in the world. From technology to product innovation we’re making our mark on the financial services industry. For more than two centuries, we’ve been helping our clients safeguard and steward the investments of millions of people. We provide investment servicing, data & analytics, investment research & trading and investment management to institutional clients.

Work, Live and Grow. We make all efforts to create a great work environment. Our benefits packages are competitive and comprehensive. Details vary in locations, but you may expect generous medical care, insurance and savings plans among other perks. You’ll have access to flexible Work Program to help you match your needs. And our wealth of development programs and educational support will help you reach your full potential.

Inclusion, Diversity and Social Responsibility. We truly believe our employees’ diverse backgrounds, experiences and perspective are a powerful contributor to creating an inclusive environment where everyone can thrive and reach their maximum potential while adding value to both our organization and our clients. We warmly welcome the candidates of diverse origin, background, ability, age, sexual orientation, gender identity and personality. Another fundamental value at State Street is active engagement with our communities around the world, both as a partner and a leader. You will have tools to help balance your professional and personal life, paid volunteer days, matching gift program and access to employee networks that help you stay connected to what matters to you.

State Street is an equal opportunity and affirmative action employer.

Discover more at StateStreet.com/careers