Job Details

Requisition Number: 38936
Position Title: Information Security Testing Director
Location: Minneapolis MINNESOTA United States
Duration: 12 months
Recruiter Name: Prem Kumar
Recruiter Email: Prem.T.ilink@tajtech.com

Job Overview

Job Summary
•The Information Security Testing Director will be responsible for all aspects of security testing conducted or managed by the Information Security group.
•This will include red-team testing, planned penetration tests, coordinating third-party penetration testing, and verification testing after significant control changes by the Network Technology and Operations (IT) organization.
•Additionally, the Director will also consult and govern security testing that occurs in other parts of the organization including static and dynamic analysis conducted by the Network Technology and Operations agile teams as a member of the Application Security Review Board.
•As a Director within the Information Security group, this role will also be a key leader in the Chief Information Security Officer’s (CISO) leadership team, be a part of the CISO succession plan, and act as the CISO’s delegate for internal and external meetings and committees.
•This position will require extensive hands-on technical testing abilities while also requiring an ability to govern and influence teams across Surescripts.
•A successful Information Security Testing Director should possess a deep understanding of both information security and computer science.
•They should understand basic concepts such as networking, applications, and operating system functionality and be able to learn advanced concepts such as application manipulation, exploit development, and stealthy operations.
•If you can exploit at scale while remaining stealthy, identify and exploit mis-configurations in network infrastructure, parse various types of output data, present relevant data in a digestible manner, think well outside the box, or are astute enough to quickly learn these skills, then you’re the type of information security leader we’re looking for.

Job Description

•Red Team Testing:
•Perform network penetration, web and mobile application testing, threat analysis, wireless network assessments, and social-engineering assessments.
•Develop comprehensive and accurate reports and presentations for both technical and executive audiences.
•Partner with the CISO and Manager of Security Services, as well as our Network Technology and Operations management partners, to develop a risk-based prioritized list of red-team targets.
•Effectively communicate findings and strategy to our stakeholders including technical staff, the rest of the “blue team” members of the Information Security team, and executive leadership.
•Partner with the Manager Information Security Services and Network Technology and Operations leadership to develop new or change existing control structures to better protect Surescripts from attackers.
•Recognize and safely utilize attacker tools, tactics, and procedures.
•Develop the red-team testing procedures to reduce the risk of impacting the critical services Surescripts provides, while still providing our company with important testing scenarios and results.
•Develop scripts, tools, or methodologies to build and enhance Surescripts’ red teaming processes.
•Penetration Testing:
•Perform scheduled and scoped penetration tests as required when new applications/systems are developed.
•Provide formal reports to technical and non-technical agile and project teams about findings and recommendations.
•Coordinate annual cycles of third-party penetration testing as required by our customers.
•Confirmation Testing:
•Perform technical tests to confirm security requirements provided to agile and project management teams have been met.
•Keep current with the latest security and technical developments, especially those that are applicable to Surescripts, to better test our environment and consult on how best to design and secure these environments.
•Assist with security investigations, root-cause analysis and corrective measures as required.
•Support the Chief Information Security Officer, as a member of the CISO’s leadership team, by representing the CISO and Surescripts in both internal and external matters.
Basic Requirements:
•Bachelor's degree in a technical field or equivalent experience
•12 years of experience in the fields of Information Security and one or more of Network Engineering, Systems Engineering, or Computer Science
•5+ years' experience in at least three of the following:
•Network penetration testing and manipulation of network infrastructure
•Mobile and/or web application assessments
•Email, phone, or physical social-engineering assessments
•Shell scripting or automation of simple tasks using Perl, Python, or Ruby
•Developing, extending, or modifying exploits, shellcode or exploit tools
•Developing applications in C#, ASP, .NET, Objective-C, Go, or Java (J2EE)
•Reverse engineering malware, data obfuscators, or ciphers
•Source code review for control flow and security flaws
•Strong knowledge of tools used for wireless, web application, and network security testing
•Thorough understanding of network protocols, data on the wire, and covert channels
•Mastery of Unix/Linux/Windows operating systems, including bash and PowerShell
•Must demonstrate knowledge of tactics, techniques, and procedures associated with malicious insider activity, organized crime/fraud groups and both state and non-state sponsored threat actors.
•Must be able to critically examine an organization and system through the perspective of a threat actor and articulate risk in clear, precise terms.
•Demonstrated initiative and self-motivation
•Proven leadership governing/influencing people who are not direct reports
•Must be eligible to work in the US without sponsorship
Additional Qualifications:
•Ability to travel up to 20%
•Ability to successfully interface with Surescripts technical and non-technical management
•Ability to document and explain technical details in a concise, understandable manner
•Ability to manage and balance own time among multiple tasks
•Ability to partner with the CISO and the Information Security leadership team to set, follow, and track multi-year strategies, influence the organization to prioritize and remediate security vulnerabilities, and lead/mentor junior members of the Information Security organization
Preferred Qualifications:
•Certifications such as SANS GPEN, GWAPT, and GXPN
•Experience in the health care industry
•Networks with key contacts outside own area of expertise, organization and industry

“TAJ Technologies, Inc. is an EEO/AA Employer: women, minorities, the disabled and veterans are encouraged to apply”
