Cybersecurity Penetration Tester
Job Family: Information Technology
Designs, analyzes and supports the company's information technology structure, systems and processes. Acquires, designs, implements and operates the company's information technology resources (e.g., computer hardware, operating systems, communications, software applications, data, databases, etc.). Deploys, acquires, maintains and ensures security of information technology assets. Plans and tests processes to ensure compliance with system requirements, business objectives, security standards and other technical requirements.
Job Function: Information Security
Develops, manages and operates security services that assess, prioritize and mitigate information security and technology risk. Includes cyber security threat services, access management services and technology risk assessments. Designs network security perimeter architecture and relevant security controls. Reviews internal and external IT projects and applications for risk and adherence to security policies and industry best practices. Participates on internal security project teams to deploy security technologies and to make recommendations for hardware/software products for future release. Liaises with vendors for various security infrastructure-related products and services.
Summary of Responsibilities:
The Associate, Information Security designs implements and monitors Financial/Accounting/Operational processes. The incumbent is responsible for detecting threats and vulnerabilities in target systems, networks, and applications by conducting systems, network and web vulnerability assessment / security testing. The Consultant, Information Security identifies the security flaws and weaknesses in the systems that can be exploited to cause business risk, and provides crucial insights into the most pressing issues, suggesting how to prioritize security resources.
- Conducts Penetration Testing (e.g., internal, external, wireless, physical, social, applications, etc.); Post vulnerability assessment, work with various stakeholders to provide remediation to the identified risks and bring the same to closure.
- Conducts walk-through of the assessment report to the stakeholders and help define remediation plan.
- Follows a standard methodology to identify and/or detect threats to the IT infrastructure, applications and other information assets.
- Works with various teams to follow a pre-assessment plan/ and assessment schedule for every assessment, conduct threat assessment, and deliver an assessment report.
- Performs technical security assessments (e.g., Windows, UNIX, firewalls, routers, oracle, SQL server, etc.).
- Performs web application security assessments (e.g., exploiting web app vulnerabilities such as SQL injection, cross-site scripting, parameter manipulation, session hijacking, etc.
- Conducts vulnerability assessment on the target IT Infrastructure, applications and related information assets.
- Interacts with partners as needed to explain work product, security techniques, methodology and results to ensure appropriate business value
- Conducts risk assessments to evaluate the effectiveness of existing controls and determine the impact of proposed changes to business processes, applications and systems.
- Conducts security research on threats and remediation methods.
- Oversees security projects and the security testing of new and existing applications.
- Creates process improvement by identifying inefficiencies and solutions for process improvements.
- Writes clear security assessment reports to document findings, and discuss solution with IT and management teams.
- Updates job knowledge by tracking and understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations.
- Acts as a subject matter expert (SME) while providing leadership, guidance, and mentorship to other project managers.
- Other duties as assigned.
- Education -
- Bachelor's Degree: Computer Science or equivalent field.
- or equivalent work experience
- Experience -
- 5-9 years in field or similar industry.
- Experience in information security, governance, IT audit, or risk management.
- 2+ years direct or equivalent experience in areas of penetration testing, exploit development and vulnerability research.
- Skills & Abilities -
- Knowledge of risk assessment tools, technologies, and methods
- Experience planning, researching and developing security strategies, standards, and procedures
- Exceptional organizational skills and attention to detailbility to work cooperatively in a team environment
- Demonstrate understanding of the penetration testing methodology laid out by the following standards PTES, OSSTMM, NIST, OWASP, etc.
- Fundamental understanding of the MITRE ATT&CK® framework
- Fundamental understanding of scripting languages to include the following – python and PowerShell
- Experience with penetration testing tools – Metasploit, Nikto, SQLMAP, Responder, Nessus, netcat, etc.
- Familiarity with the command line interface of multiple operating systems – Windows, macOS, Linux, etc.
- Working knowledge of Windows/Unix systems administration and security vulnerabilities
- Knowledge of network protocols (IPV6, DNS, HTTP, etc.) and accompanying tools (Wireshark, TCPDump, etc.)
- Ability to work socially and efficiently in a team environment and receive direction from the senior members
- Strong understanding of security, incident response and/or networking/PC concepts
- Proven ability to understand and analyze complex issues, then apply experience and judgment to develop sound recommendations especially as related to malware, eDiscovery, current threats/attacks and/or vulnerability management
- Ability to communicate concisely, effectively and directly to executive management
- Proven relationship building skills working with mid to senior level management and cross-functional teams; understands risks; additional focus on leadership; strong interpersonal skills; delivers precise, accurate results to meet commitments; mentors other team members
- Demonstrated presentation development; tailors message as needed; comfortable presenting to all levels; strong writing skills; demonstrates creativity in articulating messages that support recommendations
- Strong knowledge of MIS reporting structures.
- Understands Risk Management needs and designs new solutions based detailed analysis and validation.
- Advanced knowledge of Microsoft Office (Outlook, Word; Excel) and PowerPoint
- Certified Penetration Tester (CPT), Certified Mobile and Web Application Penetration Tester (CMWAPT), Certified Red Team Operations Professional (CRTOP), CompTIA PenTest+ or GIAC Certified Penetration Tester (GPEN) preferred
At Santander, we value and respect differences in our workforce and strive to increase the diversity of our teams. We actively encourage everyone to apply.
Employees desiring consideration should complete an online application, utilizing the appropriate process as subscribed by the posting entity. Employees should provide all pertinent information to support their candidacy.
To be considered eligible for internal posting, Santander employees must meet all of the following eligibility requirements:
- Completion of at least one year of active service in Santander
- Completion of at least twelve months in current position
- Be in "Good Standing"
Please click here to see the full policy- https://tbcdn.talentbrew.com/company/1771/internal_v2_0/img/eligibility.pdf
- Frequently: Minimal physical effort such as sitting, standing, and walking.
- Occasional moving and lifting of equipment and furniture is required to support onsite and offsite meeting setup and teardown.
- Physically capable of lifting up to fifty pounds, able to bend, kneel, climb ladders.
- This job description does not list all the duties of the job. You may be asked by your supervisors or managers to perform other duties. You will be evaluated in part based upon your performance of the tasks listed in this job description.
- The employer has the right to revise this job description at any time. This job description is not a contract for employment, and either you or the employer may terminate employment at any time, for any reason.