Express Scripts is looking for a Senior Pen Tester/Red Team Analyst to work on our Attack Simulation team. This role is responsible for conducting vulnerability assessments, threat modeling, penetration tests, and red team campaigns of ESI's IT infrastructure and applications. This role will work closely with the Director of Attack Simulation to identify, evaluate, and remediate potential weaknesses in ESI's systems using both manual and automated methods.
Plan and execute adversary simulation engagements (internal and external penetration tests and/or red team operations against corporate web applications, APIs, networks, Windows and *nix variants)
Effectively communicate findings, attack paths, and recommendations to technical, non-technical, and executive client stakeholders through written reports and verbal presentations
Build scripts, tools or methodologies to enhance, streamline, and automate Attack Simulation's offensive capabilities
Ability to train others in adversary simulation tactics, techniques, and procedures
Effectively communicate successes and obstacles with fellow team members, team leads, and management
Assist with scoping engagements, participating in technical testing from campaign start through remediation, and mentoring less experienced staff.
Work with enterprise defenders to educate and train in adversary TTPs
Bachelor's degree or equivalent plus 4+ years' pen testing experience
One or more professional certifications such as OSCP, OSCE, GWAPT, GSEC, GPEN, GXPN
Passionate about security and finding new ways to break into systems as well as defend them
Offensive information security testing (red teaming, penetration testing) experience
Demonstrated understanding of offensive information security concepts
Ability to learn new concepts, tactics, techniques, and procedures through research efforts
Knowledge of Windows and *nix-based operating systems
Knowledge of networking fundamentals and common attacks
Experience managing multiple engagements/projects at once, successfully.
Experience and proficiency with common Red Team tools and scripts (e.g. Cobalt Strike, Powershell Empire, Metasploit, etc.)
Experience and proficiency with common penetration testing tools (e.g. nmap, JtR, Hashcat, netcat, etc.)
Knowledge of programming or scripting languages (e.g. C#/.NET, C++, Python, Powershell, Ruby)
Basic exploit development and validation skills
Strong analytical and problem solving skills with the proven ability to "think outside the box"
Proficiency in manual and automated techniques for penetration testing and executing red team engagements
Ability to analyze vulnerabilities, appropriately characterize threats, and provide remediation recommendations
Understanding of core Internet protocols (e.g. DNS, HTTP, TCP, UDP, TLS, IPsec)
Understanding of encryption fundamentals (symmetric/asymmetric, ECB/CBC operations, AES, etc.)
Strong oral and written communication skills, including a demonstrated ability to prepare documentation and presentations for technical and non-technical audiences
ABOUT THE DEPARTMENT
Do you enjoy the challenge of defending an enterprise from security breaches? Come put your skills to work at an organization trusted to protect client, patient and company data amid the ever-changing landscape of information security threats and risks. Our cyber defenders are challenged and trusted with maintaining our secure infrastructure day in and day out, while delivering an enterprise computing environment that is resilient to breaches and disruptions. If you're as passionate about data security as we are and want to be at the center of our noble mission to make healthcare safer and more affordable, explore our opportunities.
ABOUT EXPRESS SCRIPTS
Advance your career with the company that makes it easier for people to choose better health. Express Scripts is a leading healthcare company serving tens of millions of consumers. We are looking for individuals who are passionate, creative and committed to creating systems and service solutions that promote better health outcomes. Join the company that Fortune magazine ranked as one of the "Most Admired Companies" in the pharmacy category. Then, use your intelligence, creativity, integrity and hard work to help us enhance our products and services. We offer a highly competitive base salary and a comprehensive benefits program, including medical, prescription drug, dental, vision, 401(k) with company match, life insurance, paid time off, tuition assistance and an employee stock purchase plan. Express Scripts is committed to hiring and retaining a diverse workforce. We are an Equal Opportunity Employer, making decisions without regard to race, color, religion, sex, national origin, age, veteran status, disability, or any other protected class. Applicants must be able to pass a drug test and background investigation. Express Scripts is a VEVRAA Federal Contractor.