Senior Red Team Operator
Onsite
MD, United States
MD, United States
Posted 28 days ago
Job Details
There is a place for you at T. Rowe Price to grow, contribute, learn, and make a difference. We are a premier asset manager focused on delivering global investment management excellence and retirement services that investors can rely on today and in the future. The work we do matters. We invite you to explore the opportunity to join us and grow your career with us. Overview As a member of our Red Team, you will be challenged to test assumptions and make the unknown known. Working closely with our Incident Response and Cyber Threat Intel teams you will use adversarial techniques to test the ability of our people, processes, and technologies’ resiliencies against cyber-attacks. When issues are found you will partner with peers and leadership in our technology organization to effectively communicate the gaps and to provide guidance on effective remediation. This includes performing penetration testing of various technologies at the firm along with designing and participating in Red Team/Purple Team exercises to strengthen our detection and response capabilities. Role summary and job responsibilities
- Perform penetration testing on enterprise networks, systems, and technology stacks.
- Develop and coordinate Red/Purple Team exercises.
- Contribute to continuous attack/validation program.
- Identify, recommend, and build controls & signatures in response to new or observed cyber threats in support of internal Incident Response/Cyber Threat Intel teams.
- You will contribute to the development of and improvement in cyber security standard methodologies within your group.
- Collaborate with peers to provide input and continuously improve practices.
- Can articulate and translate cyber security risks and vulnerabilities into practical solutions for technology teams to facilitate remediation.
- Detailed knowledge of the cyber program associated objectives.
- Understanding of common threats to, and historical attacks against, the Financial Services industry.
- Typically, 5+ years of experience in a 24x7 global enterprise, preferably in the Financial Industry.
- Familiarity with modern Threat Actor Tactics, Techniques and Procedures and counter measures.
- Understanding of Windows domain concepts for hybrid cloud environments.
- Experience with Active Directory concepts and vulnerabilities.
- Ability to identify vulnerabilities in networks, systems, and applications using common penetration testing frameworks, tools, and techniques or manual processes.
- General understanding of web technologies/frameworks (HTML, JavaScript, etc.) and their associated vulnerabilities (OWASP Top 10, XSS, filter bypassing, SQL Injection) .
- In-depth understanding of Windows operating systems and knowledge of Unix, Linux, and macOS operating systems.
- Ability to utilize MITRE ATT&CK framework, Cyber Threat Intelligence, and Cyber Security Awareness concepts to influence work.
- Knowledgeable about the functions of various security infrastructure, including firewalls, Intrusion Prevention Systems, Proxy Servers, Security Event Managers, VPNs, etc.
- Basic coding/scripting knowledge, Python or PowerShell preferred.
- Offensive Security (OSCP/OSCE), SANS GIAC (GPEN, GWAPT, GXPN, etc.), or similar information security certifications preferred.
- Dedication to quality and attention to detail.
- Spearheads work reviews and actively participates in providing feedback on others’ work.
- Performs as a specialist in one or more cyber security programs.
- Strong written and verbal communication skills.
- Competitive pay and bonuses as well as a generous retirement plan and employee stock purchase plan with matching contributions
- Flexible and remote work opportunities
- Health care benefits (medical, dental, vision)
- Tuition assistance
- Wellness programs (fitness reimbursement, Employee Assistance Program)
Learn more about T. Rowe Price
Help us maintain the quality of jobs posted on PowerToFly. Let us know if this job is closed.
Mission
We're connecting diverse talent to big career moves. Meeting people who boost your career is hard - yet networking is key to growth and economic empowerment. We’re here to support you - within your current workplace or somewhere new. Upskill, join daily virtual events, apply to roles (it’s free!).
Are you hiring? Join our platform for diversifiying your team