Pentesting / Purple Team Lead

Santander US

Boston, MA

Why you should apply for a job to Santander US:

  • 4.5/5 in supportive management
  • 79% say women are treated fairly and equally to men
  • 79% would recommend this company to other women
  • 78% say the CEO supports gender diversity
  • Ratings are based on anonymous reviews by Fairygodboss members.
  • World’s highest-scoring bank in 2023 Bloomberg Gender-Equality Index
  • 14 weeks of paid maternity leave; 6 weeks of paid parental leave for fathers and non-birth parents
  • Inclusive fertility benefits; back-up childcare and eldercare; paid caregiver leave program
  • #Req1311478

    Position summary

    Provide deep subject matter expertise for Purple / Red Team & Ethical Hacking Techniques.

    • Analyze test results and provide feedback to the owners of services / infrastructure and stakeholders

    • Advanced knowledge of threat intelligence & vulnerability management

    • Collaborate with various groups and individuals to follow up remediation plans for vulnerabilities identified during automated Pentesting exercises.

    • Assist in incident response efforts by providing expertise and insights gained from ethical hacking activities to mitigate and remediate security incidents effectively.

    • Maintain detailed documentation of processes, methodologies, and findings related to ethical hacking activities.

    • Provides advisory support for regulatory examinations and audits by defining the how and why for all implemented decisions; ensures all requested documentation is provided.

    • Supports owner team members in the resolution of Risk related issues.

    Qualifications:

    • 10+ years of relevant experience with most of the requirements below:

    • Extensive experience working with Offensive Security Methodologies and Attack Simulation Techniques.

    • Offensive Security testing tools, e.g., Cobalt Strike, Bloodhound, Red Team Toolkit

    • Experience leveraging the MITRE ATT&CK Framework.

    • Vulnerability Assessment tools, e.g., Nessus, Qualys, Rapid7

    • Exploitation frameworks, e.g., Metasploit, CANVAS, Core Impact

    • Social Engineering campaigns, e.g., email phishing, phone calls, SET

    • Deep understanding of OSI model

    • Security devices, i.e. Firewalls, VPN, AAA systems

    • OS Security, e.g., Unix/Linux, Windows, OSX

    • Understanding of common protocols, e.g., HTTP, LDAP, SMTP, DNS

    • Web application infrastructure, e.g., Application Servers, Web Servers, Databases

    • Web development and programming languages, e.g., Python, Perl, Ruby, Java, .Net

    • Proven experience with attack simulation and threat hunting is a must

    • Advanced Microsoft Office skills preferred

    • Demonstrated ability to collaborate with a variety of analytical groups and service delivery organizations

    • Advanced analytical and problem-solving skills

    • Consistently demonstrates clear and concise written and verbal communication

    • Preferred Certifications: PNPT, OSCP, OSCE, GXPN, GPEN, GCIH, GWAPT, GCFA, or CISSP.

    • Proficient in interpreting and applying policies, standards and procedures.

    Diversity & EEO Statements: At Santander, we value and respect differences in our workforce and strive to increase the diversity of our teams. We actively encourage everyone to apply.

    Santander is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, genetics, disability, age, veteran status, or any other characteristic protected by law.

    Working Conditions: Frequent minimal physical effort such as sitting, standing, and walking. Occasional moving and lifting of equipment and furniture is required to support onsite and offsite meeting setup and teardown. Physically capable of lifting up to fifty pounds, able to bend, kneel, climb ladders.

    Employer Rights: This job description does not list all the job duties of the job. You may be asked by your supervisors or managers to perform other duties. You may be evaluated in part based upon your performance of the tasks listed in this job description. The employer has the right to revise this job description at any time. This job description is not a contract for employment and either you or the employer may terminate at any time for any reason.
    Bachelor of Science (BS) English

    Primary Location: Dorchester, MA, Dorchester

    Other Locations: Massachusetts-Dorchester

    Organization: Santander Holdings USA, Inc.

    AN EQUAL OPPORTUNITY EMPLOYER M/F/Vet/Disabled/SO
