Requisition Number:
70340
Position Title:
External Description:
As a member of our Red Team, you will be challenged to test assumptions and make the unknown known. Working closely with our Incident Response and Cyber Threat Intel teams you will use adversarial techniques to test the ability of our people, processes, and technologies’ resiliencies against cyber-attacks. When issues are found you will partner with peers and leadership in our technology organization to effectively communicate the gaps and to provide guidance on effective remediation. This includes performing penetration testing of various technologies at the firm along with designing and participating in Red Team/Purple Team exercises to strengthen our detection and response capabilities.
Role summary and job responsibilities
Perform penetration testing on enterprise networks, systems, and technology stacks.
Develop and coordinate Red/Purple Team exercises.
Contribute to continuous attack/validation program.
Identify, recommend, and build controls & signatures in response to new or observed cyber threats in support of internal Incident Response/Cyber Threat Intel teams.
You will contribute to the development of and improvement in cyber security standard methodologies within your group.
Collaborate with peers to provide input and continuously improve practices.
Can articulate and translate cyber security risks and vulnerabilities into practical solutions for technology teams to facilitate remediation.
Detailed knowledge of the cyber program associated objectives.
Understanding of common threats to, and historical attacks against, the Financial Services industry.
Typically, 5+ years of experience in a 24x7 global enterprise, preferably in the Financial Industry.
Familiarity with modern Threat Actor Tactics, Techniques and Procedures and counter measures.
Understanding of Windows domain concepts for hybrid cloud environments.
Experience with Active Directory concepts and vulnerabilities.
Ability to identify vulnerabilities in networks, systems, and applications using common penetration testing frameworks, tools, and techniques or manual processes.
General understanding of web technologies/frameworks (HTML, JavaScript, etc.) and their associated vulnerabilities (OWASP Top 10, XSS, filter bypassing, SQL Injection) .
In-depth understanding of Windows operating systems and knowledge of Unix, Linux, and macOS operating systems.
Ability to utilize MITRE ATT&CK framework, Cyber Threat Intelligence, and Cyber Security Awareness concepts to influence work.
Knowledgeable about the functions of various security infrastructure, including firewalls, Intrusion Prevention Systems, Proxy Servers, Security Event Managers, VPNs, etc.
Basic coding/scripting knowledge, Python or PowerShell preferred.
Offensive Security (OSCP/OSCE), SANS GIAC (GPEN, GWAPT, GXPN, etc.), or similar information security certifications preferred.
Dedication to quality and attention to detail.
Spearheads work reviews and actively participates in providing feedback on others’ work.
Performs as a specialist in one or more cyber security programs.
Strong written and verbal communication skills.
FINRA Requirements
FINRA licenses are not required and will not be supported for this role.
Work Flexibility
This role is eligible for remote work up to three days a week.
City:
State:
Community / Marketing Title:
Senior Red Team Operator
Company Profile:
Location_formattedLocationLong:
Maryland, US
CountryEEOText_Description:
Commitment to Diversity, Equity, and Inclusion:
We strive for equity, equality, and opportunity for all associates. When we embrace the power of diversity and create an environment where people can bring their authentic and best selves to work, our firm is stronger, and we create greater value for our clients. Our commitment and inclusive programming aim to lift the experience for each associate and builds allies for our global associate community. We know that a sense of belonging is key not only to your success at the firm, but also to your ability to bring your best each day.
Benefits: We invest in our people through a wide range of programs and benefits, including:
• Competitive pay and bonuses as well as a generous retirement plan and employee stock purchase plan with matching contributions
• Flexible and remote work opportunities
• Health care benefits (medical, dental, vision)
• Tuition assistance
• Wellness programs (fitness reimbursement, Employee Assistance Program)
Our policies may change as our working lives evolve. Yet, our commitment to supporting our associates’ well-being and addressing the needs of our clients, business, and communities is unwavering.
T. Rowe Price is an equal opportunity employer and values diversity of thought, gender, and race. We believe our continued success depends upon the equal treatment of all associates and applicants for employment without discrimination on the basis of race, religion, creed, color, national origin, sex, gender, age, mental or physical disability, marital status, sexual orientation, gender identity or expression, citizenship status, military or veteran status, pregnancy, or any other classification protected by country, federal, state, or local law.