Senior Offensive Security Engineer

Job Title –AMSOSESPTSSA111 - Senior Offensive Security Engineer / Senior Penetration Tester /Senior Security Analyst
Implementation partner: Altimetrik.
End client: Bank of New York Mellon Corporation (BNYM)
Office location: - New York city,(Onsite)
Duration – C2C or fulltime
Please feel free to send over any names or forward this message to anyone who may be interested. Please check it out on our career site.
Share resume to – yogeshraghuwanshi@thethinkbeyond.com
Link
These Certifications are required - OSCP, OSCE, OSEE, OSWE, CREST, GXPEN.
CBEST, TIBER, iCAST, CORIE, AASE, NYDFS, and DORA testing parameters are ideal experience
Job Description:
Seeking a candidate to plan and execute penetration testing operations in collaboration with business partners, CISOs, BISOs, GSOC, and other stakeholders. The successful candidate will play a crucial role in testing the security program, and identifying potential gaps in people, processes, and technology.
Responsibilities:

• Plan, lead, and execute penetration testing engagements, simulating threat actor roles during tests, attack simulations, training, and exercises.
• Utilize simulated adversary threat-based approaches to expose and exploit vulnerabilities, improving the security of products and the technology landscape.
• Replicate tactics, techniques, and procedures used by modern attackers, including common network exploitation and penetration techniques, and software exploitation.
• Develop attack plans, coordinating with Red Team Operators and 3rd Party vendors to achieve objectives.
• Provide constructive feedback to defenders and product teams, emphasizing successes and failures.
• Develop, modify, and extend tools/exploits for security assessments, including custom tools and automation.
• Establish credibility as a trusted advisor to stakeholders and stay current with advanced attacks for application in red team activities.
• Assist defensive and product teams in understanding how to detect and stop cyber-attacks through purple teaming exercises and CTF demonstrations.
• Contribute to groundbreaking research and promote an environment of innovation and knowledge-sharing within the security enthusiast team.
• Act as an individual contributor, potentially overseeing those at earlier career stages and 3rd party reports in penetration testing engagements.
• Effectively report analysis and findings using various formats such as written reports, Jira, tickets, presentations, etc.
• Maintain and develop penetration testing processes and related artifacts.

Experience:

• Bachelor's Degree in Information Systems/Technology, Computer Science/Engineering, or equivalent field of study, or a minimum of 5 years of cyber security experience.
• Proven experience in Red Teaming and Penetration Testing.
• Minimum 3 years of deep, hands-on technical security experience, including expertise in security technologies, web applications, cryptography, social engineering, open-source intelligence gathering (OSINT), mobile platforms, software security, and malware reverse engineering.
• Deep technical understanding of enterprise operating system environments, Active Directory, and networking.
• Strong understanding of security vulnerabilities and common software engineering flaws.
• Familiarity with popular scripting languages and ability to automate simple tasks.
• Familiarity with CND-based analytical models (Kill Chain, ATT&CK, etc.).
• One or more of the following security certifications preferred: OSCP, OSCE, OSEE, OSWE, CREST, GXPEN.
• Experience working with Financial Services and Critical Infrastructure, including the CBEST, TIBER, iCAST, CORIE, AASE, NYDFS, and DORA testing parameters.
• Strong verbal and written communication skills, along with effective presentation skills.
• Ability to thrive in a fast-paced environment, with problem-solving and barrier-breaking skills.

Powered by JazzHR

ZwNGUhewoH