|Reference # :||19-01589||Title :||Project Manager - Technical I|
|Location :||Groton, CT|
|Experience Level :||Start Date / End Date :||07/08/2019 / 10/07/2019|
| Cybersecurity Attack & Penetration Tester|
- Location: can work from Collegeville OR Groton site
The Cybersecurity Assessment Manager will be the attack and penetration testing and red team assessment lead within Global Information Digital and Technology Organization . The lead will be expected to utilize their technical and creative skills for threat and risk analysis security testing various applications, platforms and solutions for company projects and responding to incidents. They will mentor the technical analysts on the team.
The GIS-BT team delivers three core capabilities for Pharmaceutical. The team secures the most important information assets through world-class protective controls, promotes a cybersecurity ownership culture across the company through targeted awareness education to empower colleagues to make informed risk decisions, and partners with business leaders to enable improved outcomes through the effective application of technologies that simplify user experience and reduce risk.
•Performing and/or coordinating manual Attack and Penetration (A&P) testing, utilizing and leveraging the latest technologies in this role (ie – black web applications, mobile applications, various platforms, web services, databases, overall solutions)
•Perform security threat modeling and assessments on various solutions in addition to manual A&P testing.
•Lead and perform red team assessments
•Lead and perform technical Critical Asset Review Evaluations
•Researching new security threats, vulnerabilities and exploit techniques
•Respond to new security threats and help implement new requirements as needed
•Managing and maintaining security testing frameworks
•Create or update new test cases and documentation for red teaming, CARE, and security testing for the security testing team
•Develop and Lead training for technical testers and development teams for industry updates and technical changes.
•Identify appropriate remediation steps, working with business partners to ensure that the threats that have been identified are correctly remediated and lead or co-lead the closure of the exposure while acquiring business expertise.
•Identify gaps in analytical data and recommend additional data gathering to support or eliminate potential situations. Work collaboratively with forensic analysts and threat intelligence specialists to gather such data.
•Demonstrated ability to work independently on multiple projects simultaneously with various project scopes.
•Makes decisions guided by policies in non-standard situations
•Complete work accurately and within the deadlines required.
•Manages and provide technical guidance and oversight for technical resources
•Utilize security related tools including A&P tools, Security application development tools, and other pertinent tools to establish detection of vulnerabilities, and subsequently create the appropriate reporting mechanisms and proactively recommend upgrades or special use tool recommendations.
•Determining and testing upgrades to security technologies within scope
•Work in a team environment while maintaining confidentiality of investigation information.
•Provide mentoring to newer team members.
•Deep knowledge of working with OWASP concepts for various solutions
•Bachelor’s degree, preferably in a technical field
•5 years IT experience
•3-5 years cybersecurity experience
•3-4 years demonstrated manual attack and penetration or red team technical testing
•Strong understanding of IT operations and service support processes, ITILv3 certification preferred
•3+ years’ experience in pharmaceutical or other regulated industry
•Ethical Hacker Certification or Similar
•Security certifications are desired but not required (CISSP, GIAC, CEH, MSCE Plus Security).High level of integrity and strong ethical values