Objective:
Work responsibilities will pertain to the Offensive Security services of Penetration Testing, Vulnerability Management, Code Security, and Threat Intelligence.
Detailed responsibilities include but are not limited to:
- Arrange and provide support to business units launching new technology applications and services to verify that new products/offerings are not at risk of compromise or information leakage.
- Coordinate and provide support to business units for penetration testing of new technologies and services utilizing Nissan America’s Penetration Testing as a Service (PTaaS) provider.
- Document and formally report testing initiatives, along with remediation recommendations, and validation.
- Conduct tactical assessments that require expertise in social engineering, application security (web and mobile), physical methods, lateral movement, threat analysis, internal and external network architecture, and a wide array of commercial products.
- Develop and maintain tools and scripts used in penetration-testing and red team processes.
- Support purple team exercises designed to build strength across teams.
- Train offensive and defensive colleagues on new tactics, techniques, and procedures (TTPs) and mentor junior teammates.
- Regularly research and learn new TTPs in public and closed forums, and work with teammates to assess risk and implement and validate controls as necessary.
- Work with teammates to consistently learn and share advanced skills and foster team excellence.
- Research current and emerging threats facing the business and industry sector.
- Document threats into contextual reports outlining severity, urgency, and impact, and ensure they can be understood by both management and technical teams.
- Build relationships with developers, stakeholders, and project managers to incorporate security principles into engineering design and deployments.
- Supervise testing and validation of application security controls across applications.
Skills and expertise should include, but are not limited to:
- At least 4-6+ years’ experience in information security administration, offensive tactics, monitoring and incident response (IR).
- Proficient in scripting languages such as Python, PowerShell, and Bash.
- Competent with testing frameworks and tools such as Burp Suite, Metasploit, Cobalt Strike, Kali Linux, Nessus, PowerShell Empire, etc.
- Experience conducting penetration-testing/red team engagements as a consultant or within a previous role in a professional organization.
- Understanding of OWASP, the MITRE ATT&CK framework and the software development lifecycle (SDLC).
- Capable of working with diverse teams and promoting an enterprise-wide positive security culture.
- Strong project management, multitasking, and organizational skills.
- Demonstrated understanding and comprehension of a wide range of network and host cybersecurity solutions.