Senior Red Team Analyst

113531
Malvern, PA, US
Philadelphia, PA, US

November 17, 2017
Vanguard, one of the world’s largest investment management companies and a recognized employer of choice, seeks a senior Red Team Analyst to assess and document risks to Vanguard’s infrastructure by performing security reviews and vulnerability testing of deployed architectures and configurations. The senior analyst will provide guidance to asset owners and risk teams regarding the mitigation and acceptance of risks. Define technical security requirements and provide direction to technology teams.

The Red Team within Enterprise Security and Fraud (ES&F) will support the broader information technology and security objectives within Vanguard. The senior Red Team Analyst will help to identify vulnerabilities, test adversary TTP’s, exploit vulnerabilities before the adversary exploits them, and provide fact based feedback, risk analysis, and recommendations for improvement.
The successful candidate will drive innovation and is passionate about cyber security. You will part of building a world class cyber team whose primary focus is leading technical Red Team assessments.

Duties and Responsibilities

1. Builds and conducts red team and war gaming exercises to challenge Vanguard’s security strategy and effectiveness.

2. Leverages war gaming to simulate security incidents, observe Vanguard’s response across monitoring, incident, and identify enhancement opportunities.

3. Defines rules and parameters for ethical hacking of systems, software and networks to identify and mitigate potential vulnerabilities.

4. Defines simulation goals, scenarios, and select use cases.

5. Coordinates event logistics including participants, facilitators, facilities, technology, delivery preparation and white papers

6. Develops simulation materials and conduct dry-runs.

7. Develops after action reports to help justify this investment and use the results to hone strategies for the overall organization.

8. Discusses security trends with security specialists from other institutions and peer organizations.

9. Recommends change to architecture based on red team exercise results.

10. Provides thought leadership for the evolution of red team exercises and program.

11. Must be able to perform advanced exploitation methods on endpoint systems.

12. Participates in special projects and performs other duties as assigned.

Basic Qualifications

  • Tests exploitation of vulnerabilities before and adversary exploits them
  • Tests adversary TTPs
  • Builds and conducts Red Team and war gaming exercises to challenge Vanguard’s security strategy and effectiveness.
  • Leverages war gaming to simulate security incidents, observe Vanguard’s response across monitoring, incident, and identify enhancement opportunities.
  • Defines rules and parameters for ethical hacking of systems, software and networks to identify and mitigate potential vulnerabilities.
  • Coordinates security event logistics including participants, facilitators, facilities, technology, delivery preparation and white papers
  • Develops after action reports to help justify this investment and use the results to hone strategies for the overall organization.
  • Discusses security trends with security specialists from other institutions and peer organizations.
  • Recommends change to architecture based on Red Team exercise results.
  • Provides thought leadership for the evolution of Red Team exercises and program.
  • Must be able to perform advanced exploitation methods on endpoint systems.
  • Participates in special projects and performs other duties as assigned.

Qualifications

  • Undergraduate degree or equivalent combination of training and experience. Graduate degree preferred
  • Minimum of 10 years performing hands-on Pentest combined with vulnerability and threat assessments
  • Expert level technical experience with one or more of the following areas: Linux/Unix, Windows, Network, Mainframe, Storage.
  • Must be able to articulate gaps identified during red team exercises
  • 15+ years experience in IT security with a with a minimum if 5 years creating red team exercises.
  • Must have a expert level understanding of Kali 2.0 with all supporting features
  • Demonstrated ability to influence senior IT leadership and senior technical leaders.
  • Demonstrated excellent professional, communication, and interpersonal skills.
  • Must currently have a CISSP and OSCP
  • OSCE strongly prefered

Vanguard is not offering visa sponsorship for this position.