Director - Penetration Testing

Las Vegas (LVSC)

Las Vegas Sands

Las Vegas Sands Corporation is the world leader in developing and operating international, world-class integrated resorts.


Job Description:

Position Overview

The primary responsibility of the Director - Penetration Testing is to direct the Penetration Testing process and activities, including planning, coordinating, executing, and reporting on sophisticated ethical hacking and penetration testing scenarios that simulate the tactics, techniques, and procedures of a variety of threat actors.

All duties are to be performed in accordance with departmental and Las Vegas Sands Corp.’s policies, practices, and procedures. All Las Vegas Sands Corp. Team Members are expected to conduct and carry themselves in a professional manner at all times. Team Members are required to observe the Company’s standards, work requirements and rules of conduct.   

Essential Duties & Responsibilities

  • Direct staff and organize department functions in accordance with company guidelines.

  • Delegate tasks and department assignments or projects, meeting deadlines related to those assignments. Focus on achieving the goals or objectives of the department using available resources (staff and budgetary).

  • Evaluate the schedule or timelines related to the completion of assignments, while maintaining service and/or product quality.

  • Develop staff skills to enhance department effectiveness and manage resources to eliminate excess cost or unnecessary expenditures.

  • Be a knowledgeable leader who can take a deep dive on available solutions, validate found vulnerabilities, and explain the importance of secure configuration settings.

  • Responsible for directing the development of end-to-end Penetration Testing processes and procedures and meaningful metrics.  Therefore, this position must have expertise in the concepts, tools and the ability to do a deep dive when asked to explain findings and processes.

  • The ability to communicate and work effectively with all facets of the corporation is expected along with expertise in communicating with Senior Management.  It’s essential that this position has the ability to quantify and present the program and its metrics to Senior Management.

  • Expertise in promulgating risk to the business by correlating vulnerabilities, configuration settings, and penetration testing results, performing an assessment of the risks that considers the threats, our vulnerability to those threats, the likelihood that vulnerabilities will be exploited, the impact that exploitation will have on the company, and finally what the residual risk will be after the vulnerabilities, configuration settings, and findings from the penetration tests are remediated.

  • This position is expected to lead the Las Vegas Sands Corp. Penetration Testing program by providing partnership with counterparts in each jurisdiction to attain a globally deployed team that is focused on processes and procedures in support of the Penetration Testing program.

  • Lead and coordinate the activities of the Penetration Testing teams.

  • Align penetration testing functions with the organization’s overall business objectives by reducing information technology’s exposure to vulnerabilities

  • Work closely with peer managers to architect patching strategies for potential vulnerabilities ensuring information security policy and best practices are enforced globally.

  • Act as information security’s liaison to internal business units to drive enterprise-wide patching efforts for approved third party software, manage expectations and set service level agreements.

  • Act as information security’s liaison to internal business units to drive secure configurations in images used for desktops, servers, network devices, and wireless network devices.

  • Manage penetration testing processes and procedures

  • Manage remediation efforts including mentoring penetration testers in working with Information Technology to architect solutions

  • Produce meaningful metrics and reports

  • Participate in incident response activities

  • Analyze metrics for trends and patterns to further refine Penetration Testing program effectiveness

  • Perform job duties in a safe manner.

  • Attend work as scheduled on a consistent and regular basis.

  • Perform other related duties as assigned.

Minimum Qualifications

  • At least 21 years of age.

  • Proof of authorization to work in the United States.

  • Bachelor’s degree or equivalent work experience.

  • Must be able to obtain and maintain any certification or license, as required by law or policy. 

  • At least ten years of experience in Information Security and Technology with expertise in creating and managing teams who are responsible for managing vulnerability and configuration scanning and remediating the valid findings and teams who are focused on performing penetration testing and their remediation.

  • Possess an information security certification such as CISSP or GISP for at least five years; ten years’ experience in hands-on vulnerability management can be substituted for a certification.

  • Knowledgeable in change management processes, and able to participate or delegate participation in the change control process as needed.

  • Ability to use automated tools and analysis to assess operating systems, applications, databases, servers and network equipment for vulnerabilities and secure configurations.

  • Ability to perform internal and external penetration testing using automated tools and social engineering.

  • Knowledge of and familiarity with identity and authentication management and their architecture.

  • Knowledge of and familiarity with Public Key Infrastructure and key and certificate management.

  • Ability to architect cross-domain solutions, including Microsoft, Linux, IBM, SCADA, and Gaming.

  • A working knowledge of vulnerabilities and configuration settings and their exploitation in order to gain access to networks, applications, hosts, and desktops.  (White hat only)

  • Security engineering.

  • Malware analysis.

  • Forensics analysis.

  • Reverse software engineering.

  • Wireless security architectures, scanning, rogue detection and prevention and secure configurations.

  • Threat/Vulnerability Research.

  • Source Code Scanning.

  • Red Team engagements.

  • Red Team and Tabletop exercise experience.

  • Ability to gather and report meaningful metrics.

  • Strong interpersonal skills with the ability to communicate effectively and interact appropriately with management, other Team Members and outside contacts of different backgrounds and levels of experience.

  • Must be able to work varied shifts, including nights, weekends and holidays.


Tags: Certificate management CISSP Ethical hacking Forensics Incident response Linux Malware Pentesting Red team SCADA Vulnerabilities Vulnerability management

Region: North America
Country: United States
