Penetration Tester (Security Red Team Reconnaissance and Research Lead)

Location: Atlanta, GA
Date Posted: 12-11-2018
This position will be required to work collaboratively with Information Technology, other business units, and information security personnel.  The person filling this role will define a program for examining our own systems and infrastructure from an adversarial perspective (i.e., penetration testing), helping us identify and remediate points of exposure, weakness, or misconfiguration. This position will also define a program for researching cybersecurity capabilities and weaknesses of railroad-specific equipment and systems, supplementing broadly available research of common platforms from outside the organization and completing our view of technology upon which we depend for operation. Lastly, this position will serve as the point of coordination for all engagement of external resources for penetration testing.
Principal Duties:
The Information Security Red Team Reconnaissance and Research Lead will be a member of the Information Security group and a key member for improving the overall information security program.  The candidate will establish a formal cyber security testing program which will include highly sophisticated penetration tests designed to develop a reliable assessment of the enterprise’s cyber defense capabilities.  
Responsibilities include:
           Continue implementation of the Information Security Red Team program
           Conduct planned and targeted tests of enterprise systems in order to expose any weaknesses before real adversaries may take advantage of them
           Coordinate and lead all external and internal penetration testing
           Develop detailed discovery reports for management and technical audiences
           Recommend mitigation strategies to protect the confidentiality, integrity, and availability of the company’s data and systems
           Participate in team on-call rotation
           Perform other duties as assigned
Job Related Experience:
Preferred Level: 3-7 years
Preferred Level: Bachelor’s Degree (BS)
Preferred Majors: Computer Science or Information Systems, Specialization in Information Security/Assurance is a plus
Licenses / Certifications:
Preferred: GIAC Penetration Tester (GPEN), Offensive Security Certified Professional (OSCP)
Skills Required:
           3-5 years of information security testing & evaluation
           Ability to develop and execute practical penetration tests that assess the enterprise cyber defense posture
           Thorough understanding of the latest security principles, techniques, and protocols
           Experience with security assessment tools (Nmap, Nessus, Metasploit, Netcat, Core Impact)
           Competent knowledge of risk management and threat intelligence analysis
           Expert ability with scripting languages such as Python and PowerShell
           Detailed knowledge of database and operating system security
           Experience with network security, networking technologies, and network monitoring tools
           Hands-on experience in security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, etc.
           Familiarity with web-related technologies (web applications, web services, service-oriented architectures), including the OWASP Top Ten
           Strong verbal and written interpersonal communications skills and ability to deal effectively with business partners, peers, and management
           Must have the demonstrated ability to work with a diverse team and lead/assist in developing and improving an information security program of a large enterprise
Skills Desired:
           Knowledge of ICS/SCADA networks, architecture, devices, and protocols to include components of Positive Train Control (PTC)
           Embedded systems design
           Experience with mobility and cloud security