Red Team Analyst

It's fun to work in a company where people truly BELIEVE in what they're doing!
We're committed to bringing passion and customer focus to the business.
Summary
At Simmons Bank, Red Team Analysts are responsible for emulating adversaries and their attack vectors to help identify and remediate vulnerabilities. The Red Team Analyst will primarily work independently but will work with teams across the bank's footprint while resolving identified issues.
You'll join a team of associates dedicated to ensuring the security of the corporate network and be responsible for the testing and assist with remediations of those systems.
Essential Duties and Responsibilities

• Develop a basic understanding of the bank's product offerings, how they work, and how they could be attacked or abused
• Propose, plan, and execute Red Team operations based on realistic threats to the bank
• Automate attack techniques, creating custom tooling for specific operations and contributing to general-purpose open source tools
• Write detailed reports covering the goals and outcomes of Red Team operations, including significant observations and recommendations
• Collaborate with the bank's Incident Response team to improve detection and response capabilities
• Collaborate with the bank's technology and security teams to propose defensive improvements to cloud environments
• Collaborate across multiple application teams to propose enhancements to the bank's SaaS and self-hosted services
• Collaborate with non-technical teams to propose process and policy enhancements
• Stay informed on current security trends, advisories, publications, and academic research that is relevant to the bank and our industry
• Use SIEM tools and other security technologies to test vulnerabilities and validate remediations
• Support the bank's SOC by identifying indicators of compromise (IOCs), suspicious events, and other malicious tactics, techniques, and procedures (TTPs)
• Perform validation of vulnerability remediation efforts across the bank.
• Participates in rotating on-call schedule related to security issues.
• Communicates security concerns to management in a timely manner
• Takes initiative and responsibility for achieving desired results
• Performs other duties as assigned

Qualifications
Education and/or Experience

• Bachelor's Degree or equivalent experience
• Minimum of 2-3 years of prior experience in a technology or security role

Certificates, Licenses, Registrations (preferred)

• Offensive Security Certified Professional (OSCP)
• Practical Network Penetration Tester (PNPT)
• GIAC Penetration Tester Certification (GPEN)
• Security+
• Other red-team oriented certifications

Other Qualifications (preferred)

• Understanding of the MITRE ATT&CK framework
• Ability to automate tasks by writing basic scripts/programs
• Ability to read and understand multiple programming languages
• Command-line experience with Windows and Linux-based operating systems
• Experience exploiting vulnerabilities in at least two of the following areas:
  • Web applications
  • Cloud environments (e.g. AWS, Azure, GCP)
  • Windows workstations
  • Software supply chain
• Basic hands-on experience with at least one of the major cloud providers (e.g. AWS, GCP, Azure)
• Possesses an adversarial mindset (putting yourself in the mind of the attacker)
• Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner
• Strong organizational, problem solving, and planning skills with the ability to set priorities
• Must possess excellent customer service skills

Equal Employment Opportunity Information: Simmons First National Corporation and its subsidiaries are committed to a policy of equal employment with respect to a person's race, color, religion, sex, ancestry, sexual orientation, gender identity, national origin, covered veterans, military status, physical or mental disability or any other legally protected classifications. Simmons First National Corporation and its subsidiaries are committed to Affirmative Action Programs consisting of results-oriented procedures to ensure equal employment opportunities. These programs require positive action in lieu of neutral non-discrimination and merit hiring/performance policies.