Job Description
This is an opportunity to join Ascot Group - one of the world’s preeminent specialty risk underwriting organizations.
Designed as a modern-era company operating through an ecosystem of interconnected global operating platforms, we’re bound by a common mission and purpose: One Ascot. Our greatest strength is a talented team who flourishes in a collaborative, inclusive, and entrepreneurial culture, steeped in underwriting excellence, integrity, and a passion to find a better way, The Ascot Way.
The Ascot Way guides our people and our organization. Our underwriting platforms collaborate to find creative ways to deploy our capital in a true cross-product and cross-platform approach. These platforms work as one, deploying our capital creatively through our unique Fusion Model: Client Centric, Risk Centric, Technology Centric.
Built to be resilient, Ascot maximizes client financial security while delivering bespoke products and world-class service — both pre- and post-claims. Ascot exists to solve for our clients’ brightest tomorrow, through agility, collaboration, resilience, and discipline.
Job Summary
Ascot recognizes that a cyber offense specialist has a key role in helping deliver its cybersecurity strategic objectives. Reporting to the AVP, Global Cyber Offense Leader this individual will be instrumental in helping the program prepare and respond against the ever-changing threat actor’s tactics, techniques and procedures. This is a hands-on role where the successful candidate will be required to provide effective outcomes in determining weaknesses and threats specific to Ascot while also supporting the day-to-day processes and procedures. The job includes routine metrics and outcome measurements of the effectiveness of the cyber offense deliverables.
Responsibilities
- Perform cyber offense functions including vulnerability scanning, coordination of penetration testing activities, overseeing remediation of vulnerabilities continuous monitoring, application security testing technology, and process rollout and management. The scope of work is global covering people, process, and technology across Ascot Group.
- Assist in delivering a comprehensive offensive security strategy including identifying vulnerabilities, weaknesses, and exposures in the organization’s environment, systems, and applications.
- Assist in implementing best-in-class solutions and tooling that will help achieve the cyber offense strategic objectives.
- Manage vulnerability detection, coordinate patch management activities, and manage the application security program by supporting relevant processes and continuous monitoring.
- Support penetration testing, and purple and red team exercises with external and internal reviews of the environment by running, managing, and supporting remediation of those assessments.
- Coordinate penetration testing (ethical hacking) activities and/or perform them to pinpoint vulnerabilities and consult on action plans for remediation that take into account industry benchmark SLAs, asset criticality, and severity rating of the vulnerabilities.
- Integrate application security best practices into the development processes to facilitate a secure system development life cycle.
- Leverage vulnerability databases, tooling, intelligence sources, and reports to build metrics as defined by leadership to identify the risks and tracking of risk reduction in the cyber offense space
- Research new tactics, techniques, and procedures in public and closed forums and communicate those with security leadership.
- Work with the cybersecurity resilience and defense team to collaborate on the presence of indicators of compromise (IOCs) within or relevant to the environment along with determining the relevant corrective action.
- Communicate and collaborate with technical and non-technical functions across the company and vendors to share, receive, and interpret various cyber threats, vulnerabilities, and risks related to cyber offenses.
Requirements
- Bachelor’s degree or higher in Computer Science, Application Development, Software Engineering, or a related discipline.
- At least one certification such as GWAPT (GIAC Web Application Penetration Tester), OSCP (Offensive Security Certified Professional), CEH (Certified Ethical H CISSP, CCSP, CEH, OSCP, or equivalent.
- Minimum 5 years of experience in a cyber offense role or equivalent.
- Knowledge of application security testing and source code review.
- Proficiency in multiple programming languages with a strong understanding of secure coding practices.
- Excellent analytical skills and a keen attention to detail for identifying and addressing security vulnerabilities.
- Experience with BurpSuite, Corellium, Checkmarx, Vercode, Plextrac, Cobaltstrike , Snyk, or similar tools and experience with Rapid7, Tenable, Tanium, WIZ, or similar tools. (Preferred experience with Metasploit, Invicti, Nmap, Nessus, Netsparker, Wireshark, or similar.)
- Must have a strong technical background to understand and provide consulting to application, infrastructure, and network teams.
- Experience in supporting Cloud configuration, CIS benchmarks, and/or other industry-leading configuration benchmarks.
- At least one year of DevOps Security ( Security Teams should be able to write code interact with APIs, and help developers to automate security tasks)
- Understanding of OWASP, OSINT, CVSS/CVE, the MITRE ATT&CK framework, and the software development lifecycle.
- Experience with successful cloud security and vulnerability processes, technologies, and techniques.
- Understanding of secure development practices including security and privacy by design.
- Knowledge and experience rolling out and performing application security testing functions (Threat Modeling, DAST/SAST & Application Pen Tests)
- Familiarity with existing threat actor techniques and threat management programs and controls.
- Ability to collaborate with other business teams and work with vendors.
- Knowledge and understanding of the design and deployment of infrastructure and applications hosted on the cloud.
- Knowledge and experience with industry cyber security frameworks, such as NIST CSF, CIS, and ISO27001.
Compensation
Actual base pay could vary and may be above or below the listed range based on factors including but not limited to experience, subject matter expertise, and skills. The base pay is just one component of Ascot’s total compensation package for employees. Other rewards may include an annual cash bonus, long-term incentives, and other forms of discretionary compensation awarded by the Company.
The annualized base pay range for this role is $90,000 - $110,000 for the NY Metro Area. :
Company Benefits
The Company provides a competitive benefits package that includes the following (eligibility requirements apply):
Health and Welfare Benefits: Medical (including prescription coverage), Dental, Vision, Health Savings Account, Commuter Account, Health Care and Dependent Care Flexible Spending Accounts, Life Insurance, AD&D, Work/Life Resources (including Employee Assistance Program), and more
Leave Benefits: Paid holidays, annual Paid Time Off (includes paid state /local paid leave where required), Short-term Disability, Long-term Disability, Other leaves (e.g., Bereavement, FMLA, Adoption, Maternity, Military, Primary & Non-Primary Caregiver)
Retirement Benefits: Contributory Savings Plan (401k)