Penetration Tester - Remote
Arizona - Home Teleworkers, United States
CSAA Insurance Group
Job Title: Penetration Tester - Remote
Requisition Number: R7192 Penetration Tester - Remote (Open)
Location: Arizona - Home Teleworkers
Additional Locations: Alabama - Home Teleworkers, Arkansas - Home Teleworkers, Colorado - Home Teleworkers, Connecticut - Home Teleworkers, Delaware - Home Teleworker, District of Columbia - Home Teleworkers, Florida - Home Teleworkers, Georgia - Home Teleworkers, Idaho - Home Teleworkers, Illinois - Home Teleworkers, Indiana - Home Teleworkers, Iowa - Home Teleworkers, Kansas - Home Teleworker, Kentucky - Home Teleworkers, Louisiana - Home Teleworkers, Maine Home Teleworkers, Maryland - Home Teleworkers, Massachusetts - Home Teleworkers, Michigan - Home Teleworkers, Minnesota - Home Teleworkers, Mississippi - Home Teleworker, Missouri - Home Teleworker, Montana - Home Teleworkers, Nebraska - Home Teleworkers {+ 18 more}
Job Information
CSAA Insurance Group (CSAA IG), a AAA insurer, is one of the top personal lines property and casualty insurance groups in the U.S. Our employees proudly live our core beliefs and fulfill our enduring purpose to help members prevent, prepare for and recover from life's uncertainties, and we're proud of the culture we create together. As we commit to progress over perfection, we recognize that every day is an opportunity to be innovative and adaptable. At CSAA IG, we hire good people for a brighter tomorrow. We are actively hiring for a Penetration Tester! Join us and support CSAA IG in achieving our goals.
Your Role: Are you a highly skilled security professional with a passion for identifying, assessing, and managing threats, vulnerabilities, and associated risks to enterprise information assets and applications? Bring your proficiency to help us craft and mature our Vulnerability and Offensive Security program. Work closely with our information technology teams to identify and reduce security risks in our IT infrastructure and business applications. You bring to this position a high level of security expertise and a deep understanding of desktop, server, application and data storage vulnerabilities and how to discover and exploit them in a controlled environment. You'll take the lead and act as a subject matter expert for penetration testing and attack simulation in our data centers, cloud environments and critical business applications, helping us improve our overall threat posture. Help us re-think what it means to be a secure insurance provider in a fast-changing, highly competitive market.
Your work:
Conduct infrastructure, web application, API, and mobile application penetration testing.
Develop, document and administer the entire penetration testing lifecycle during engagements.
Conduct breach and attack simulation operations against CSAA systems to identify gaps in prevention, detection, or response.
Research, develop, and apply TTPs of relevant threat actors to simulated attack scenarios.
Provide subject matter expertise on the remediation of discovered vulnerabilities and gaps in security response.
Leverage threat intelligence to hunt for indicators of compromise and vulnerabilities.
Develop, deploy, manage and improve breach and attack simulation tools and related processes.
Design, develop and manage red and blue team exercises and processes contributing to purple team evaluation and response.
Provide team guidance and mentoring as a subject matter expert in purple team activities.
Required Experience, Education and Skills
Bachelor’s degree (in Information Technology or a related discipline) or equivalent experience
6 or more years of Information Technology and Security experience
5 or more years of hands-on penetration testing experience related to infrastructure and web applications.
2 or more years of hands-on experience with breach and attack simulation tools
Proficient knowledge of web development, including but not limited to Ruby, advanced JavaScript libraries (React, Angular, Knockout), Node.js, jQuery, Object-Oriented Design, Web Services (REST/SOAP)
Professional experience with any of the following: Java, .NET, AWS, Functional programming, SQL, MongoDB, CouchDB, Neo4J, Hadoop, Cassandra, DynamoDB, ElasticSearch, Solr
Expert knowledge of OWASP Top 10 and ability to articulate web security risks.
Experience with MITRE ATT&CK framework and adversary tactics, techniques and procedures
Solid understanding of penetration testing standards and process, including the development of documentation such as rules of engagement, scope, and remediation reports
Familiarity with Information Security risk ranking scales and derivation.
Broad knowledge of IT Security technologies and a solid understanding of architecture, design, deployment and management of information systems
Experience testing solutions deployed in a public cloud environment (IaaS, PaaS, SaaS)
Recent experience with Agile development/Scrum teams and operating in a Kanban model.
Direct experience with common change management procedures and platforms
Solid understanding of TCP/IP, DNS, HTTP, HTTPS, VPN, SQL and other database technologies
CISSP, CEH, OSCP, GWAPT, GPEN, or other penetration testing and security-related certifications are highly desired.
What would make us excited about you?
Actively shapes our company culture (e.g., participating in employee resource groups, volunteering, etc.)
Lives into cultural norms (e.g., willing to have cameras when it matters: helping onboard new team members, building relationships, etc.)
Travels as needed for role, including divisional / team meetings and other in-person meetings
Fulfills business needs, which may include investing extra time, helping other teams, etc.
CSAA IG Careers
At CSAA IG, we’re proudly devoted to protecting our customers, our employees, our communities, and the world at large. We are on a climate journey to continue to do better for our people, our business, and our planet. Taking bold action and leading by example. We are citizens for a changing world, and we continually change to meet it.
Join us if you…
BELIEVE in a mission focused on building a community of service, rooted in inclusion and belonging.
COMMIT to being there for our customers and employees.
CREATE a sense of purpose that serves the greater good through innovation.
Recognition: We offer a total compensation package, performance bonus, 401(k) with a company match, and so much more! Read more about what we offer and what it is like to be a part of our dynamic team at https://careers.csaa-insurance.aaa.com/us/en/benefits
In most cases, you will have the opportunity to choose your preferred working location from the following options when you join CSAA IG: remote, hybrid, or in-person. Submit your application to be considered. We communicate via email, so check your inbox and/or your spam folder to ensure you don’t miss important updates from us.
If a reasonable accommodation is needed to participate in the job application or interview process, please contact TalentAcquisition@csaa.com.
As part of our values, we are committed to supporting inclusion and diversity at CSAA IG. We actively celebrate colleagues’ different abilities, sexual orientation, ethnicity, and gender. Everyone is welcome and supported in their development at all stages in their journey with us.
We are always recruiting, retaining, and promoting a diverse mix of colleagues who are representative of the U.S. workforce. The diversity of our team fosters a broad range of ideas and enables us to design and deliver a wide array of products to meet customers’ evolving needs.
CSAA Insurance Group is an equal opportunity employer.
The national average salary range for this position is $122,850 - $136,500. However, we have a location-based compensation structure. Our salary ranges vary and are calculated based on county of residence. The full salary range for this position across all the states we hire in is $110,520 - $164,000. This role also includes an opportunity for a company-wide annual discretionary bonus, through our Annual Incentive Plan (AIP), of up to 10% of eligible pay.
If you apply and are selected to continue in the recruiting process, we will schedule a preliminary call with you to discuss the role and will disclose during that call the available salary/hourly rate range based on your location. Factors used to determine the actual salary offered may include location, experience, or education.
Must have authorization to work indefinitely in the US.
Please note we are hiring for this role remotely anywhere in the United States with the following exceptions: Hawaii and Alaska.
Tags: Agile APIs AWS Blue team Cassandra CEH CISSP Cloud DNS DynamoDB Elasticsearch Exploit GPEN GWAPT IaaS IT infrastructure Java JavaScript Kanban MITRE ATT&CK MongoDB Neo4j Node.js Offensive security OSCP OWASP PaaS Pentesting Ruby SaaS Scrum SQL TCP/IP Threat intelligence TTPs VPN Vulnerabilities
Perks/benefits: 401(k) matching Career development Competitive pay Salary bonus Signing bonus Team events