Merrick Bank employees share in our mission to delight our customers and empower underserved consumers to achieve their credit goals. In return, we delight our associates; ensuring they are noticed, heard, appreciated and understand the importance of their role(s). For over 20 years, our Guiding Principles of; doing the right thing, putting the customer first, and Earn, Learn, Have Fun (aka E.L.F.), have defined who we are as an Employer of Choice. Give Yourself Credit, Work at Merrick!
Position Summary:
The Offensive Security Engineer I operates, monitors, and improves information security processes and systems that protect the Bank’s data, customers, and computer systems from business disruption, data/identity compromise, cyber fraud, and regulatory criticism. This role focuses on application and development security, application penetration testing capabilities, and cloud infrastructure/platform security.
Essential Functions:
Key Offensive Security responsibilities include:
- Conducting Red Team Exercises to simulate Advanced Persistent Threats (APTs) against web, mobile, and cloud-based applications to identify security weaknesses and assess the effectiveness of security controls.
- Perform in-depth manual and automated penetration testing against Cloud and On Prem Networks and applications to discover vulnerabilities and weaknesses that could be exploited.
- Work with development teams to identify potential security threats early in the software development lifecycle (SDLC) and provide recommendations to mitigate risks.
- Develop and enhance tools, scripts, and frameworks to automate testing and reporting processes, including setting up continuous integration (CI) security checks.
- Document findings in detailed, actionable reports for both technical and non-technical stakeholders. Communicate effectively with developers, engineers, and executive leadership on remediation strategies.
- Collaborate with Blue Team (defensive security), DevOps, and engineering teams to improve detection and response capabilities.
- Stay updated on the latest security threats, vulnerabilities, and exploits, and apply this knowledge to enhance Red Team operations.
Each Security Engineer is also responsible to cross-train and be familiar with other security functions as assigned:
- Security Monitoring & Response - Detects and responds to security events by identifying, reporting, mitigating, and recovering from security incidents.
- Security Control Engineering and Operations - Enables and protects business services with appropriate access, endpoint, network, data storage, and data loss prevention controls, including vulnerability and controls testing.
- Security Risk & Program Management - Assesses and advises technology and business groups by identifying, prioritizing, managing, and reporting security risk.
- Performs other duties as assigned.
Compliance with Laws & Regulations:
- Responsible for complying with all of the Bank’s internal control policies and procedures.
- Responsible for understanding and complying with all laws and regulations to which the Bank is subject.
- Responsible for communicating problems in operations, noncompliance with the code of conduct, noncompliance with laws and regulations, policy violations, or illegal acts.
Education and Experience:
- Associate’s degree in computer science, Cybersecurity, Information Security, or a related field. Equivalent experience will also be considered. Work experience or individuals pursuing a bachelor’s degree will also be considered in lieu of a degree.
- 0-3+ years of experience in application security, penetration testing, or Red Team operations.
Summary of Qualifications:
- Familiarity in programming/scripting languages such as C#, Python, JavaScript, PowerShell, Bash, or other relevant to security testing.
- Foundational Linux skills.
- Demonstrated skills with security concepts, defense-in-depth strategies, security tools, and protocols.
- “White-hat” mentality, with a healthy sense of paranoia (security awareness and risk).
- Positive, inquisitive, can-do attitude.
- Self-starter, requires minimal oversight to perform as expected, work well independently and as part of a team.
- Comfortably perform well under pressure, deliver to commitments on tight deadlines.
- Meticulous attention to detail.
- Passion for cybersecurity and technology trends, news, and hacking techniques.