U.S. Bank Jobs

Job Information

U.S. Bank Red Team Member - Remote in Gresham, Oregon

At U.S. Bank, we're passionate about helping customers and the communities where we live and work. The fifth-largest bank in the United States, we’re one of the country's most respected, innovative and successful financial institutions. U.S. Bank is an equal opportunity employer committed to creating a diverse workforce. We consider all qualified applicants without regard to race, religion, color, sex, national origin, age, sexual orientation, gender identity, disability or veteran status, among other factors.

Our Security Testing group is looking for a strong cyber security professional to join our Red Team. This role will involve performing penetration testing and cutting-edge research on new attack vectors, techniques and tactics.

This role will also emulate adversarial attacks to provide information to U.S. Bank lines of business with the overall goal of providing knowledge of indicators or compromise and TTP (tools, tactics and procedures) to other teams. Team member will be creating attack chains and will explain how combining different weaknesses can result in higher impact. This team member must be able to utilize complex hacking tools, create proof of concept exploits, and document attack chains so they can be re-created and defensive tactics developed for them. Research, analyze, design, test, and implement complex technologies, systems, and applications.

Responsibilities

• Conduct Threat Emulation

• Conduct innovative research in cyber security

• Conduct active offensive and/or adversarial operations

• Conduct physical security assessments

• Develop custom penetration testing tools

• Develop in-depth findings reports

• Document the impact and severity of attack chains to be presented to the lines of business

• Act as a subject matter expert to convey technical details on attacks to the blue teams

Qualifications:

Basic Qualifications:

-Bachelor's degree or equivalent work experience

-ISACA Certified Information Security Manager

-Certified Information System Security Professional

-Certified Information Systems Auditor

-At least 7 years experience with processes, tools, techniques and practices for assuring adherence to standards associated with accessing, altering and protecting organizational data.

Preferred Skills/Experience:

• At least 3 years' experience with offensive security experience

• Advanced Information Security technical skills

• Proficient in working with systems, networks, and application vulnerability testing

• Ability to manage complex security scenarios and develop innovative solutions to address the most recent cyber threats

• Security engineering experience that includes knowledge and understanding of recent research and industrial advances in one or more of the following areas computer and communication networks, cyber security threat detection, cyber security experimentation and testing, innovative research in cyber security, physical security controls and their weaknesses, debugging, hardware and device hacking, or electronics security

• Assessment experience in three or more of the following mobile, web application, mainframe, wireless or network penetration testing

• Knowledge and understanding of Python, Ruby, PowerShell, and Shell scripting

• Physical hardware hacking experience

• Physical security assessments experience

• Knowledge and understanding of information security risk assessment procedures, risk mitigation or remediation

• Ability to work effectively, as well as independently, in a team environment

• Strong organizational, multi-tasking, and prioritizing skills

• Ability to handle confidential material in a professional manner

• Excellent verbal, written, and interpersonal communication skills

• Knowledge and understanding of banking or financial services industry

• Experience working in a large enterprise environment

• Strong analytical skills with high attention to detail and accuracy

• Knowledge and understanding of system/application architecture and design concepts

• Ability to present complex material in a digestible, consumable manner to all levels of management

• Certifications in one or more of the following Global Information Assurance Certification (GIAC), Offensive Security Certified Professional (OSCP), Offensive Security Wireless Professional (OSWP), Offensive Security Certified Expert (OSCE), Offensive Security Exploitation Expert (OSEE), or Offensive Security Web Expert (OSWE)

• Exceptional report writing skills using a penetration tester framework/methodology

• Reverse engineering and exploit creation/modification

• Highly experienced with operating system and application hardening best practices

• Strong ability to find and dissect vulnerabilities without using standard and self-created tools

• Demonstrates issue resolution and negotiation skills

• Strong ability to create proof of concepts from discovered potential vulnerabilities

• Comprehensive understanding of recent research and industry advances in the following areas Computer and communication networks, Cyber security threat detection, Cyber security experimentation/testing, and Programming

• Perform debugging, performance evaluation, and paper/document writing

• Significant experience identifying security vulnerabilities for the company's networks, application systems, hardware infrastructure and emerging technologies to improve the enterprise information security posture

• Leads with red team activities and supports computer security incident response activities and the technical investigations of information security related incidents

Job: Information Technology

Primary Location: United States

Shift: 1st - Daytime

Average Hours Per Week: 40

Requisition ID: 190028722

U.S. Bank is an Equal Opportunity Employer committed to creating a diverse workforce.

U.S. Bank is an equal opportunity employer committed to creating a diverse workforce. We consider all qualified applicants without regard to race, religion, color, sex, national origin, age, sexual orientation, gender identity, disability or veteran status, among other factors.

DirectEmployers