Info Security Analyst- Red Team

Location:

4910 Tiedeman Road - Brooklyn, Ohio 44144

The Red team is responsible for the execution of various security tests finding and assessing security weak points, choosing appropriate attack vectors and carrying out a controlled attack that tempts to evade detation or capture.  Assessments include red team assessments, network and physical penetration tests, social engineering tests, wireless tests, and 3rd party testing included in Key’s Vulnerability Management program.

The ideal candidate has experience in the information security and/or information technology fields.  The candidate will perform security related functions using current tools and will need to be familiar with the various tools to ensure effective and valid results.  The candidate has solid technical background across a wide range of security and/or technology disciplines and solutions.  The candidate must have good writing and customer interface skills. 

The candidate should be familiar with security and/or technology risk and compensating controls.  This candidate will function within the Corporate Information Security team but will ideally be effective across the entire security spectrum and able to analyze security issues and explain them in standard business language.  Functional knowledge of both technical and business aspects of security is highly desirable.

ESSENTIAL JOB FUNCTIONS

• Execute all phases of offensive security operations participating in both red and purple team testing
  • Perform network and physical penetration testing
  • Perform red team assessments
  • Analysis of vulnerabilities to determine risk posture and findings requiring resolution from a security and business perspective
  • Conduct thorough assessments of cloud-based services to identify and exploit vulnerabilities unique to this environment
• Resolving findings from a security and business perspective
• Utilize industry leading tools and solutions to effect enhanced security posture for the company
• Understanding of networking and/or technical skills; demonstrated ability to utilize tools and solutions
• Participate in planning, design and implementation of team operations and plans
• Research emerging technologies, industry trends and best practices in order to complete in depth assessments
• Develop scripts, tooling and methodologies to support planned assessments
• Ability to generate reports on results of assessments conducted
• Ability to research options for attack
• Analyze, summarize simple to moderately complex data and communicate / escalate appropriately
• Understanding of security and technology strategies, related security controls and processes, and general business/financial knowledge
• Works under general direction/supervision
• Developing baseline understanding of enterprise technology strategy, business hierarchy and corporate culture
• Good writing and verbal communication skills; logical organization of information
• Abily to create presentations and present to all levels of management
• Supports leadership and team; background in technology and/or information security, understand the risks and issues facing Key from a security perspective; ability to tailor options to the client
• Create documentation of processes and ongoing associated enhancements
• Provides technical security consulting support to address business and technology projects and requests
• Acts as single point of contact for assigned work
• Escalates problems in a timely manner
• Acts as a backup for other team members 

REQUIRED QUALIFICATIONS

• Bachelor's degree or equivalent work experience
• Experience in information security, incident response and/or information technologies
• Experience with scripting, editing existing code, and general programming concepts using one or more of the following: PowerShell, JavaScript, Perl, Python, VB, bash, C/C++, C#, or Java
• Understanding of cloud computing models, technologies and concepts
• Firm understanding of Windows and Linux environments
• Understanding of operating system security controls
• Ability to understand and analyze issues, then apply experience and judgment to develop sound recommendations.
• Knowledge and understanding of MITRE ATT&CK framework and TTPs of cyber-attacks at a conceptual level.
• Strong research and writing skills
• Ability to work independently within a team environment
• Knows when to notify management when deadlines are at risk.
• Ability to communicate concisely, effectively and directly to management.
• Some travel required

Additional – Good to have certifications

• Offensive Security Certified Professional (OSCP)
• Certified Red Team Professional (CRTP)
• GIAC Penetration Tester (GPEN)
• CREST Penetration Testing / CBEST Qualifications

COMPENSATION AND BENEFITS

This position is eligible to earn a base salary in the range of $55,000 to $83,000 annually depending on location and job-related factors such as level of experience. Compensation for this role also includes eligibility for short-term incentive compensation and deferred incentive compensation subject to individual and company performance.

Please click here for a list of benefits for which this position is eligible.

Key has implemented a role-based Mobile by Design approach to our employee workspaces, dedicating space to those whose roles require specific workspaces, while providing flexible options for roles which are less dependent on assigned workspaces and can be performed effectively in a mobile environment. As a result, this role may be Mobile or Home-based, which means you may work primarily either at a home office or in a Key facility to perform your job duties.

Job Posting Expiration Date: 09/03/2024

KeyCorp is an Equal Opportunity and Affirmative Action Employer committed to building a diverse, equitable and inclusive culture. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status or other protected category.

 

Qualified individuals with disabilities or disabled veterans who are unable or limited in their ability to apply on this site may request reasonable accommodations by emailing HR_Compliance@keybank.com.

#LI-Remote