The Red Team Lead will be responsible for the planning, development and implementation of enterprise information security solutions (such as authentication and authorization, public key infrastructure, data loss prevention, and security event information management) to address the current and emerging security needs of the business. This role requires the proactive identification and solution of some of the most complex enterprise-scale information security problems. The role will research, design, and develop new technologies, architectures, and security products that will support security requirements for the enterprise and its customers, business partners, and vendors. The person in this role will contribute to the development and execution of strategic information security architecture to enable effective business operations, manage enterprise risk, and address business or regulatory issues.
- Develops Red Team processes, strategies, engagements, and roadmaps with an eye toward the unique needs of the business and industry.
- Builds custom exploits, toolkits, and cloud infrastructure to automate common tasks with appropriate logging and opsec.
- Works with internal teams to measure and improve detection and response.
- Demonstrates low-level development skills in the areas of exploitation and capability development.
- Able to effectively emulate a variety of threat actor profiles.
- Designs, builds, and leads a team that ensures the security of enterprise data and systems by developing enterprise information security solutions.
- Creates and updates a view of IT assets, related attack surfaces, and threat actors to illustrate the flow of data and associated security threats.
- Researches, designs, and develops new enterprise technologies, architectures, and security products that will support security requirements for the enterprise and its customers, business partners, and vendors.
- Serves as a security expert in application development, database design, network, and/or platform (operating system) efforts, helping project teams comply with enterprise and IT security policies, industry regulations, and best practices.
- Analyzes business impact and exposure based on emerging security threats, vulnerabilities, and risks and contributes to the development and maintenance of information security strategy and architecture.
- Engages with security specialists, enterprise architects and other functional area architects to ensure adequate enterprise security solutions are in place to sufficiently mitigate identified risks, and to meet business objectives and regulatory requirements.
- Serves as a cybersecurity subject matter expert, assessing the business impact of cybersecurity risks to the enterprise and identifying options and recommendations for mitigating those risks.
- Works with Enterprise Architects and other functional area architects and security specialists to ensure adequate security solutions are in place throughout all IT systems and platforms to mitigate identified risks sufficiently and support business objectives.
- Serves as an expert in platform, application, storage, network, virtualization, cloud and mobile security best practices.
- Exercises thought leadership in the creation and maintenance of security architectures.
- 7+ w/Bachelor’s degree
Knowledge, Skills, Abilities:
- A strong, complete, and working understanding of architecture-level information security and appropriate use enforcement technology solutions including advanced malware detection/prevention, mobile device virtualization/MDM, cloud security management, structured and unstructured database encryption, mobile application and remote API security, fine-grained application authorization and access control, security event visualization, big data user and entity behavior analytics, active adversary deception, and others.
- A strong working understanding of contemporary security theory and application (including vulnerabilities, exploitation techniques and attack vectors).
- Strong understanding of systems development lifecycle to lead multifunctional projects or initiatives.
- Knowledge of laws, regulations, and standards relevant to the US Healthcare industry.
- Excellent written and verbal communication skills (including technical writing, documentation development, process mapping, and visualization). Must be able to effectively communicate technical concepts to a non-technical audience.
- Externally recognized information security industry thought leadership and innovation accomplishments desired but not required.
ADDITIONAL INFORMATION
Comprehensive benefits package includes:
- 4 weeks PTO plus 12 holidays and your birthday off!
- Low-cost premium medical insurance options
- 100% paid dental and vision insurance
- Generous 401(k) matching and flat contribution
- Social responsibility and volunteer opportunities, including 16 paid volunteer hours annually
- Employee LiveWell program, focusing on overall employee well-being
- Fertility and diabetes benefits
- Employee discount program: AT&T/Verizon, entertainment, travel, and more!
- Culture of learning: career development and tuition reimbursement
- Career growth: we love promoting from within