Security Engineer - Red Team
State Street
Job Description
Who we are looking for
The Red Team Engineer will perform as a member of the Offensive Security team within the Global Cyber Security group and will serve as a technical resource for penetration testing as well as an advisor on technical matters involving the security of information systems.
The Red Team Engineer will conduct comprehensive assessments of the operational and technical security controls used by enterprise applications and critical infrastructure. These assessments help determine the overall effectiveness of the controls to ensure they are implemented adequately and correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system. The Red Team Engineer will interact directly with Application and Infrastructure SMEs, Program Management, Information Security Officers (ISOs), and System Owners. Technical expertise and a comprehensive understanding of the related IT controls are required in areas including, but not limited to, the following: Access and Authentication, Data Security, Secure Software Management, Infrastructure Operations, Network Edge Protection, and Vulnerability Management.
What you will be responsible for
- Test enterprise defenses (attacking, avoiding detection, and preventing circumvention) to determine the level of risk and exposure.
- Perform full, detailed security risk assessments and penetration tests on a wide variety of high or critical business solutions that include but are not limited to software, hardware, networks, and mobile devices, as well as complex solutions that may include any number of the above configurations.
- Ensure compliance of system and application security in accordance with corporate security practices/guidelines and relevant technology standards.
- Prepare final security assessment reports containing the results and findings from the assessment.
- Conduct follow up and assist with resolution of all findings, as needed.
What we value
- Perform Infrastructure and Application Penetration Testing
- Deep knowledge of attack frameworks, such as MITRE ATT&CK
- Execute Vulnerability Scanning
- Cloud Security Concepts
- IT and Network infrastructure technologies
- Familiarity with various penetration test utilities and tool suites
- Ability to perform light programming tasks using common languages such as Python and Bash
- Demonstrated ability to identify core issues and work with leaders and team members toward resolution
- Strong organizational, task switching, and prioritizing skills
- Ability to work independently and solve challenging problems while collaborating with stakeholders
- Knowledge and interest in current vulnerability related trends
- Attention to detail
- Driving to results
- Collaboration and influencing
- Working professionally with confidential information
- Presentation skills, both oral and written
- Ability to work well with others and under pressure
- Demonstrated professionalism in approach to communicating ideas and solutions in simple language
Experience Desired
Education: Bachelor's
- 3+ years of network and/or application penetration testing
- 5+ years of experience in security/systems/network engineering and/or development
- CEH, OSCP, CISSP, or equivalent preferred.
Salary Range:
$110,000 - $185,000 Annual
The range quoted above applies to the role in the primary location specified. If the candidate would ultimately work outside of the primary location above, the applicable range could differ.
Job Application Disclosure:
It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.