State Street
State Street provides investment servicing, investment management, investment research and trading services to institutional investors worldwide.The Red Team Engineer will perform as a member of the Offensive Security team within the Global Cyber Security group and will serve as a technical resource for penetration testing as well as an advisor on technical matters involving the security of information systems.
The Red Team Engineer will conduct comprehensive assessments of the operational and technical security controls used by enterprise applications and critical infrastructure. These assessments help determine the overall effectiveness of the controls to ensure they are implemented adequately and correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system. The Red Team Engineer will interact directly with Application and Infrastructure SMEs, Program Management, Information Security Officers (ISOs), and System Owners. Application of technical expertise and a comprehensive understanding of the related IT controls are required, but not limited to the following areas: Access and Authentication, Data Security, Secure Software Management, Infrastructure Operations, Network Edge Protection, and Vulnerability Management.
What you will be responsible for:
- Test enterprise defenses; attacking, detection avoidance and preventing circumvention to determine level of risk and exposure.
- Perform full, detailed security risk assessments and penetration tests on a wide variety of high or critical business solutions that include but are not limited to software, hardware, networks, and mobile devices as well as complex solutions that may include any number of the above configurations.
- Ensure compliance of system and application security in accordance with corporate security practices/guidelines and relevant technology standards.
- Prepare final security assessment reports containing the results and findings from the assessment.
- Conduct follow up and assist with resolution of all findings, as needed.
What we value:
- Perform Infrastructure and Application Penetration Testing
- Deep knowledge of attack frameworks, such as MITRE ATT&CK
- Execute Vulnerability Scanning
- Cloud Security Concepts
- IT and Network infrastructure technologies
- Familiarity with various penetration test utilities and tool suites
- Ability to perform light programming tasks using common languages such as Python and Bash
- Demonstrated ability to identify core issues and work with leaders and team members to resolution
- Strong organizational, task switching, and prioritizing skills
- Ability to work independently and solve challenging problems while collaborating with stakeholders
- Knowledge and interest in current vulnerability-related trends
- Driving to results
- Collaboration and influencing
- Working professionally with confidential information
- Presentation skills, both orally and written
- Ability to work well with others and under pressure
- Demonstrated professionalism in approach to communicating ideas and solutions in simple language
Experience Desired:
Education: Bachelor's
- 3+ years of network and/or application penetration testing
- 5+ years of experience in security/systems/network engineering and/or development
- CEH, OSCP, CISSP, or equivalent preferred.
Salary Range:
$110,000 - $185,000 Annual
#J-18808-Ljbffr