Sr. Penetration Tester/Red Team

Accredo Health Saint Louis , MO 63150

Posted 2 months ago

POSITION SUMMARY

Express Scripts is looking for a Senior Pen Tester/Red Team Analyst to work on our Attack Simulation team. This role is responsible for conducting vulnerability assessments, threat modeling, penetration tests, and red team campaigns of ESI's IT infrastructure and applications. This role will work closely with the Director of Attack Simulation to identify, evaluate, and remediate potential weaknesses in ESI's systems using both manual and automated methods.

RESPONSIBILITIES:

  • Plan and execute adversary simulation engagements (internal and external penetration tests and/or red team operations against corporate web applications, APIs, networks, Windows and *nix variants)

  • Effectively communicate findings, attack paths, and recommendations to technical, non-technical, and executive client stakeholders through written reports and verbal presentations

  • Build scripts, tools or methodologies to enhance, streamline, and automate Attack Simulation's offensive capabilities

  • Ability to train others in adversary simulation tactics, techniques, and procedures

  • Effectively communicate successes and obstacles with fellow team members, team leads, and management

  • Assist with scoping engagements, participating in technical testing from campaign start through remediation, and mentoring less experienced staff.

  • Work with enterprise defenders to educate and train in adversary TTPs

QUALIFICATIONS:

  • Bachelor's degree or equivalent plus 4+ years' pen testing experience

  • One or more professional certifications such as OSCP, OSCE, GWAPT, GSEC, GPEN, GXPN

  • Passionate about security and finding new ways to break into systems as well as defend them

  • Offensive information security testing (red teaming, penetration testing) experience

  • Demonstrated understanding of offensive information security concepts

  • Ability to learn new concepts, tactics, techniques, and procedures through research efforts

  • Knowledge of Windows and *nix-based operating systems

  • Knowledge of networking fundamentals and common attacks

  • Experience managing multiple engagements/projects at once, successfully.

  • Experience and proficiency with common Red Team tools and scripts (e.g. Cobalt Strike, Powershell Empire, Metasploit, etc.)

  • Experience and proficiency with common penetration testing tools (e.g. nmap, JtR, Hashcat, netcat, etc.)

  • Knowledge of programming or scripting languages (e.g. C#/.NET, C++, Python, Powershell, Ruby)

  • Basic exploit development and validation skills

  • Strong analytical and problem solving skills with the proven ability to "think outside the box"

  • Proficiency in manual and automated techniques for penetration testing and executing red team engagements

  • Ability to analyze vulnerabilities, appropriately characterize threats, and provide remediation recommendations

  • Understanding of core Internet protocols (e.g. DNS, HTTP, TCP, UDP, TLS, IPsec)

  • Understanding of encryption fundamentals (symmetric/asymmetric, ECB/CBC operations, AES, etc.)

  • Strong oral and written communication skills, including a demonstrated ability to prepare documentation and presentations for technical and non-technical audiences

ABOUT THE DEPARTMENT

Do you enjoy the challenge of defending an enterprise from security breaches? Come put your skills to work at an organization trusted to protect client, patient and company data amid the ever-changing landscape of information security threats and risks. Our cyber defenders are challenged and trusted with maintaining our secure infrastructure day in and day out, while delivering an enterprise computing environment that is resilient to breaches and disruptions. If you're as passionate about data security as we are and want to be at the center of our noble mission to make healthcare safer and more affordable, explore our opportunities.

ABOUT EXPRESS SCRIPTS

Advance your career with the company that makes it easier for people to choose better health. Express Scripts is a leading healthcare company serving tens of millions of consumers. We are looking for individuals who are passionate, creative and committed to creating systems and service solutions that promote better health outcomes. Join the company that Fortune magazine ranked as one of the "Most Admired Companies" in the pharmacy category. Then, use your intelligence, creativity, integrity and hard work to help us enhance our products and services. We offer a highly competitive base salary and a comprehensive benefits program, including medical, prescription drug, dental, vision, 401(k) with company match, life insurance, paid time off, tuition assistance and an employee stock purchase plan. Express Scripts is committed to hiring and retaining a diverse workforce. We are an Equal Opportunity Employer, making decisions without regard to race, color, religion, sex, national origin, age, veteran status, disability, or any other protected class. Applicants must be able to pass a drug test and background investigation. Express Scripts is a VEVRAA Federal Contractor.

  • LI-RT1
See if you are a match!

See how well your resume matches up to this job - upload your resume now.

Find your dream job anywhere
with the LiveCareer app.
Download the
LiveCareer app and find
your dream job anywhere
lc_ad

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Sr Application Penetration Tester

Accredo Health

Posted 7 days ago

VIEW JOBS 12/5/2018 12:00:00 AM 2019-03-05T00:00 POSITION SUMMARY This role is responsible for conducting vulnerability assessments, threat modeling, penetration tests, and red team campaigns of ESI's IT infrastructure and applications. This role will work closely with the Sr. Manager of Attack Simulation to identify, evaluate, and remediate potential weaknesses in ESI's systems using both manual and automated methods. ESSENTIAL FUNCTIONS * Execute internal and external penetration tests against corporate web applications, APIs, networks, Windows and Unix variants to discover vulnerabilities * Execute mobile application penetration tests for both Android and iOS based devices * Create comprehensive and accurate penetration testing reports with recommendations for appropriate remediation * Develop scripts, tools or methodologies to enhance ESI's penetration testing processes ESSENTIAL KNOWLEDGE, EXPERIENCE, AND SKILLS: * Proficiency in application vulnerability assessment tools (e.g. Burp, Checkmarx, AppScan, WebInspect, Cenzic, etc.) * Proficiency in network and server assessment tools (e.g. Nessus, metasploit, nmap, nikto, etc.) * Coding/scripting experience in modern scripting languages (e.g. Python, Ruby, PowerShell) * Mobile application coding experience with Android/iOS based platforms (e.g. Java, Swift, Objective C) * Basic exploit development and validation skills * Strong analytical and problem solving skills with the ability to "think outside the box" * Proficiency in manual and automated techniques for penetration testing and executing vulnerability assessments * Ability to analyze vulnerabilities, appropriately characterize threats, and provide remediation advice * Understanding of web application frameworks (React, Springboot, Ruby on Rails, J2EE, PHP, ASP.NET) * Understanding of core Internet protocols (e.g. DNS, HTTP, TCP, UDP, TLS, IPsec) * Understanding of encryption fundamentals (symmetric/asymmetric, ECB/CBC operations, AES, etc.) * Strong oral and written communication skills, including a demonstrated ability to prepare documentation and presentations for technical and non-technical audiences QUALIFICATIONS * Bachelor's degree in computer related field. * Five to eight years of relevant working experience; at least 3 years of experience in IT Security. * Certification in information security (CISSP, CISM, or equivalent) preferred. * Familiarity with external regulations, e.g., DIACAP, HIPAA, Sarbanes-Oxley. Strong understanding of information security principles. * Familiarity with domain structures, user authentication, and digital signatures * Understanding of data communication networks. * Experience with security tools and systems; PC skills including knowledge of Microsoft Office. * Excellent organizational skills and ability to communicate with internal/external entities and executives a must. * Effective leadership skills. * Demonstrated ability to coordinate people and teams to project/activity completion and the ability to work in a team environment, sharing workloads and responsibilities. * Customer service-oriented. * Ability to work in a flexible environment where requirements and procedures continuously evolve. * Ability to multi-task and manage time effectively. ABOUT THE DEPARTMENT Do you enjoy the challenge of defending an enterprise from security breaches? Come put your skills to work at an organization trusted to protect client, patient and company data amid the ever-changing landscape of information security threats and risks. Our cyber defenders are challenged and trusted with maintaining our secure infrastructure day in and day out, while delivering an enterprise computing environment that is resilient to breaches and disruptions. If you're as passionate about data security as we are and want to be at the center of our noble mission to make healthcare safer and more affordable, explore our opportunities. ABOUT EXPRESS SCRIPTS Advance your career with the company that makes it easier for people to choose better health. Express Scripts is a leading healthcare company serving tens of millions of consumers. We are looking for individuals who are passionate, creative and committed to creating systems and service solutions that promote better health outcomes. Join the company that Fortune magazine ranked as one of the "Most Admired Companies" in the pharmacy category. Then, use your intelligence, creativity, integrity and hard work to help us enhance our products and services. We offer a highly competitive base salary and a comprehensive benefits program, including medical, prescription drug, dental, vision, 401(k) with company match, life insurance, paid time off, tuition assistance and an employee stock purchase plan. Express Scripts is an equal opportunity employer/disability/veteran Accredo Health Saint Louis MO

Sr. Penetration Tester/Red Team

Accredo Health