Remote, United States, United States of America
1 day ago
Sr Red Team Consultant

Location:

For Those Who Work At Home - Various, Ohio 44144

The Senior Red Team Consultant will execute and lead Red team and penetration testing. The Red team is responsible for the execution of various security tests finding and assessing security weak points, choosing appropriate attack vectors, and carrying out a controlled attack that attempts to evade detection or capture. KeyBank’s Red Team is an active threat emulation team that models real world threats and executes simulated attacks. 

Assessments include red team assessments, network and physical penetration tests, cloud, wireless tests, and 3rd party testing included in Key’s Vulnerability Management program.

This role will oversee efforts in planning, performing, and executing various security assessments for Key’s Red Team program. The candidate will bring extensive red team knowledge to further enhance KeyBank’s program.  Practical experience with Red team engagements targeting Linux, Windows, macOS, Google Cloud and Azure is necessary for success.  The senior red team consultant is expected to be able to present and communicate with senior leadership in both written and verbal formats. 

From a more general perspective, the candidate will be able to analyze and assess security risk and facilitate the development and implementation of effective compensating controls.  The senior red team member will function within the Corporate Information Security team but will ideally be effective across the entire security spectrum and able to analyze complex security issues and explain them in standard business language. 

ESSENTIAL JOB FUNCTIONS

Ability to perform Red Team assessments across multiple technologies, including GCP and Azure.Work as a lead coordinating with clients and team members to execute Red Team Assessments and Penetration AssessmentsPerform and lead advanced network and physical penetration testing and complex analysis of vulnerabilities to determine risk posture and findings. Produce quality written reports, presentations and documentation; incorporating findings and recommendations.  Reports should be written for appropriate audience, for example executive management.Works autonomously and guides work of other team membersStrong business/financial knowledge; in-depth understanding and interpretation of security policies, leading to security best practice implementation and recommendationsProven relationship building skills working with mid to senior level management and cross-functional teams; strong understanding of risks; additional focus on leadership; strong interpersonal skills; delivers precise, accurate results to meet commitments; mentors’ other team membersCollaborate with technical teams communicating and assigning findings discovered during an assessmentCreate and update documentation of processes and ongoing associated enhancementsProvides technical security consulting support to address complex business and technology projects and requestsIdentify enhancements to tools, processes and standardsProvide direction and act as an escalation point on projects and issues to other team members

REQUIRED QUALIFICATIONS

Bachelor’s degree or equivalent work experience6+ years with Red team or PenTest teamsAdvanced experience with common Red Team tools, including common C2 frameworksExperience with scripting, editing existing code, and general programming concepts using one or more of the following: PowerShell, JavaScript, Perl, Python, VB, bash, C/C++, C#, or JavaFirm understanding of operating systems such as Windows, Linux, macOSCloud computing experience such as Google Cloud, AzureAdvanced networking experienceExperience with attack planning and simulationKnowledge and understanding of MITRE ATT&CK framework and TTPs of cyber attacksStrong Research capabilities reporting back to the team on new topicsTravel for site visits required

RELEVANT QUALIFICATIONS (Desirable but not required)

Offensive Security Certified Professional (OSCP)Certified Red Team Professional (CRTP)GIAC Penetration Tester (GPEN)CREST Penetration Testing / CBEST Qualifications

COMPENSATION AND BENEFITS

This position is eligible to earn a base salary in the range of $92,000 to $150,000 annually depending on location and job-related factors such as level of experience. Compensation for this role also includes eligibility for short-term incentive compensation and deferred incentive compensation subject to individual and company performance.

Please click here for a list of benefits for which this position is eligible.

Key has implemented a role-based Mobile by Design approach to our employee workspaces, dedicating space to those whose roles require specific workspaces, while providing flexible options for roles which are less dependent on assigned workspaces and can be performed effectively in a mobile environment. As a result, this role may be Mobile or Home-based, which means you may work primarily either at a home office or in a Key facility to perform your job duties.

Job Posting Expiration Date: 11/20/2024

KeyCorp is an Equal Opportunity and Affirmative Action Employer committed to building a diverse, equitable and inclusive culture. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status or other protected category.

 

Qualified individuals with disabilities or disabled veterans who are unable or limited in their ability to apply on this site may request reasonable accommodations by emailing HR_Compliance@keybank.com.


#LI-Remote

Confirm your E-mail: Send Email