Sr Info Security Consultant- Red Team

Location:

4910 Tiedeman Road - Brooklyn, Ohio 44144

The Red team is responsible for the execution of various security tests finding and assessing security weak points, choosing appropriate attack vectors and carrying out a controlled attack that attempts to evade detection or capture. KeyBank’s Red Team is an active threat emulation team that models real world threats and executes simulated attacks. 

Assessments include red team assessments, network and physical penetration tests, wireless tests, and 3rd party testing included in Key’s Vulnerability Management program.

This role will lead efforts in planning, performing and executing various security assessments for Key’s Red Team program. The candidate will bring extensive red team knowledge to futher enhance KeyBanks program.  Practical experience with Red team engagements targeting Linux, Windows, macOS, Google Cloud, Azure and AWS is necessary for success.  The ideal candidate has experience in the information security and/or information technology fields.  The candidate will perform security related functions using current tools and will need to be proficient with the various tools to ensure effective and valid results.  The candidate has excellent technical background across a wide range of security disciplines and solutions.  In this role you will deliver results to stakeholders in the form of written reports and live presentations.  You will also partner with CIS and application teams for remediation. 

From a more general perspective, the candidate will be able to analyze and assess security risk and facilitate the development and implementation of effective compensating controls.  This candidate will function within the Corporate Information Security team, but will ideally be effective across the entire security spectrum and able to analyze complex security issues and explain them in standard business language.  Functional knowledge of both technical and business aspects of security is required.

ESSENTIAL JOB FUNCTIONS

• Perform and lead advanced network and physical penetration testing and complex analysis of vulnerabilities to determine risk posture and findings requiring  resolution from a security and business perspective. 
• Utilize industry leading penetraion testing tools and solutions to effect enhanced security posture for the company (especially in the ethical hacking, vulnerability scanning, and vulnerability exploitation areas)
• Hands on experience with cloud technologies
• Works autonomously and guides work of other team members
• Holistic risk and control analysis including strategic mitigation planning and execution
• Strong business/financial knowledge; in-depth understanding and interpretation of security policies, leading to security best practice implementation and recommendations
• Utilize industry leading tools and solutions to enhance the security posture for the company; subject matter expert (SME) in one or more security/technology areas
• Demonstrated presentation development; tailors message as needed; comfortable presenting to all levels; strong writing skills; demonstrates creativity in articulating messages that support recommendations
• Proven relationship building skills working with mid to senior level management and cross-functional teams; strong understanding of risks; additional focus on leadership; strong interpersonal skills; delivers precise, accurate results to meet commitments; mentors other team members
• Collaborate with technical teams communicating and assgining findings discovered during an assesment
• Create and update documentation of processes and ongoing associated enhancements
• Interacts with partners as needed to explain work product, security techniques, methodology and results to ensure appropriate business value
• Provides technical security consulting support to address complex business and technology projects and requests
• Identify enhancements to tools, processes and standards
• Interfaces with technology partners and line of business areas
• Acts as single point of contact for assigned work
• Provide direction and act as an escalation point on projects and issues to other  team members
• Acts as a mentor helping more junior team members come up to speed with technical processes and team process
• Acts as a backup for other team members and leadership
• Partner with CIS partners and other teams as needed

REQUIRED QUALIFICATIONS

• Bachelors degree or equivalent work experience
• 7+ years of information security, incident response and/or information technologies experience; 4+ years with Red team or PenTest teams
•  Strong understanding of security, incident response and/or networking/PC concepts
• Experience with scripting, editing existing code, and general programming concepts using one or more of the following: PowerShell, JavaScript, Perl, Python, VB, bash, C/C++, C#, or Java
• Firm understanding of operating systems such as Windows, Linux, macOS
• Cloud computing experience such as Google Cloud, Azure and AWS
• Advanced networking experience
• Experience with attack planning and simulation
• Knowledge and understanding of MITRE ATT&CK framework and TTPs of cyber attacks
• Srong Rearch capabilities reporting back to the team on new topics
• Proven ability to understand and analyze complex issues, then apply experience and judgment to develop sound recommendations especially as related to malware, eDiscovery, current threats/attacks and/or vulnerability management
•  Strong research and writing skills
•  Ability to work with little or no supervision after initial briefing
• Ability to guide the work of others
• Knows when to notify management when deadlines are at risk
• Experience in leading a team or significant project
• Act as influencer of peers and management
•  Ability to communicate concisely, effectively and directly to executive management
• Travel for site visits required

Certifications

• Offensive Security Certified Professional (OSCP)
• Certified Red Team Professional (CRTP)
• GIAC Penetration Tester (GPEN)
• CREST Penetration Testing / CBEST Qualifications

COMPENSATION AND BENEFITS

This position is eligible to earn a base salary in the range of $92,000 to $172,000 annually depending on location and job-related factors such as level of experience. Compensation for this role also includes eligibility for short-term incentive compensation and deferred incentive compensation subject to individual and company performance.

Please click here for a list of benefits for which this position is eligible.

Key has implemented a role-based Mobile by Design approach to our employee workspaces, dedicating space to those whose roles require specific workspaces, while providing flexible options for roles which are less dependent on assigned workspaces and can be performed effectively in a mobile environment. As a result, this role may be Mobile or Home-based, which means you may work primarily either at a home office or in a Key facility to perform your job duties.

Job Posting Expiration Date: 09/09/2024

KeyCorp is an Equal Opportunity and Affirmative Action Employer committed to building a diverse, equitable and inclusive culture. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status or other protected category.

 

Qualified individuals with disabilities or disabled veterans who are unable or limited in their ability to apply on this site may request reasonable accommodations by emailing HR_Compliance@keybank.com.

#LI-Remote