Senior Penetration Tester - Red Team

$103,500 - $197,000/Yr

AbbVie - Mettawa, IL

posted 5 months ago

Full-time - Senior
Remote - Mettawa, IL
Chemical Manufacturing

About the position

As a Senior Penetration Tester - Red Team at AbbVie, you will be an integral part of the Business Technology Solutions (BTS) team, contributing to the digital transformation of a leading biopharmaceutical company. This role is designed for a highly motivated and experienced specialist who will join the Attack Surface Management (ASM) team. Your primary responsibility will be to protect AbbVie's patients, data, and brand by identifying vulnerabilities and threats through simulated cyber security attacks. You will lead efforts in planning, developing, and executing adversarial exercises against AbbVie's networks, systems, applications, and users. This position offers the flexibility of remote work from anywhere in the U.S. In this role, you will collaborate with internal and external groups to communicate risks identified throughout AbbVie's environment. You will work closely with AbbVie's defenders to secure the organization against current and emerging threats. The ideal candidate will possess advanced experience in performing penetration tests and will be adept at communicating the impact of identified vulnerabilities to stakeholders, along with recommending remediation plans. Your contributions will directly impact AbbVie's ability to continue making remarkable impacts on people's lives. As a key member of the Advanced Security Testing team, you will provide leadership on critical information security vulnerabilities, develop and implement red team methodologies, and perform advanced technical penetration testing exercises. You will also be responsible for delivering high-quality reporting to communicate technical findings to various stakeholders, including developers, architects, and managers. Additionally, you will provide guidance on exploits, techniques, and countermeasures to the Information Security team and junior red team staff members, while also identifying enhancements to tools, standards, and processes.

Responsibilities

  • Provide leadership on the latest critical information security vulnerabilities, threats, and exploits as they apply within the AbbVie environment.
  • Develop and implement red team methodology to assess risk within AbbVie's networks, systems, applications, and users.
  • Perform advanced technical penetration testing exercises (announced and covert) to identify weaknesses in AbbVie's environment and monitoring/response programs.
  • Develop and deliver high-quality reporting to communicate technical findings to stakeholders, including developers, architects, and managers.
  • Provide leadership on exploits, techniques, and countermeasures to members of the Information Security team, including AbbVie's Cyber Security Incident Response Team (CSIRT) and junior red team staff members.
  • Identify enhancements to tools, standards and processes; provide input into policies and procedures, and contribute to the implementation and refinement of the strategy for the Information Security program on a global basis.
  • Perform web and mobile application security assessments, as needed and as directed by senior Attack Surface Management team members.

Requirements

  • Bachelors Degree and 7 years experience OR Masters Degree and 6 years experience OR PhD and 2 years experience with direct enterprise-level red team and/or penetration testing experience.
  • Hands-on experience with manual vulnerability testing, exploit development, and static code analysis, using commercial and open source tools.
  • Understanding of security controls such as authentication, authorization, access control, cryptography, and network protocols along with security standards and frameworks including Mitre ATT&CK.
  • Strong written and verbal communication skills, adept at communicating concepts to diverse audiences with varying skill sets.
  • Certifications such as OSCP, OSCE, OSWP or ECSA are strongly preferred.
  • Strong knowledge of operating systems (including Windows, Linux, Unix, and MacOS), networking fundamentals and technologies, cloud computing, and application architectures and technologies.

Nice-to-haves

  • Experience with penetration testing techniques and tactics, including reconnaissance, initial access, persistence, lateral movement, collection, and exfiltration.

Benefits

  • Paid time off (vacation, holidays, sick)
  • Medical/dental/vision insurance
  • 401(k) plan
  • Participation in short-term incentive programs
  • Participation in long-term incentive programs

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service