23 Mar
Penetration Tester (Remote)
California, Other 00000 Other USA

Vacancy expired!

Your Opportunity

In Corporate Risk Management (CRM), our mission is to execute an independent and coordinated risk management program that supports delivery of predictable long-term financial and operational performance in order to produce successful client and shareholder outcomes. In CRM's Technology Risk Management (TRM), we support CRM's mission by managing information and technology risks to protect client assets, client information and firm assets.

Our Threat Management & Penetration Testing (TMPT) team is seeking a penetration tester who will help strengthen the Technology Risk Management program by conducting and overseeing various penetration testing and technical assessment activities. The position will assist the Technical Managing Director of the TMPT in day-to-day testing and risk identification activities. The candidate must have a complete understanding of networking, applications, operating systems, coding, penetration testing, exploit development, and threat modeling. The successful candidate will be a highly technical, passionate, and self-driven individual who loves to learn, solve problems, and contribute to the advancement of the team.

What you are good at

  • Lead and/or conduct network, application and mobile penetration tests as well as threat analysis, wireless network assessments, and social-engineering assessments
  • Coordinate vendor-led penetration testing engagements
  • Lead and/or facilitate secure design review (threat modeling) activities against Schwab's assets in support of the firm's Technology Risk Management mission
  • Assess first line of defense's consistency to firm policies, standards, and standard methodologies by providing effective challenge and oversight of first line of defense programs
  • Write clear and concise formal assessment reports for both technical and executive level audiences
  • Coordinate test findings with applicable technology, information security, and business groups
  • Conduct thematic and trend analysis on security assessment findings resulting from both first and second lines of defense assessment activities
  • Perform remediation testing of security vulnerabilities that have been fixed and provide evidence of the results
  • Prepare regularly scheduled and ad-hoc reports for management and risk committees regarding status of risk activities
  • Maintain ongoing proficiency in network and application exploitation, tools, techniques, countermeasures, and trends in computer network vulnerabilities, network security and encryption
  • Participate in strategic and tactical planning with first line of defense partners to mature the Firm's Cyber Resilience posture
  • Help define management reporting requirements and metrics, including risk appetite metrics and key risk indicators
What you have
  • 5-10 years of experience in information security
  • 5+ years of penetration testing experience
  • Knowledge of adversarial activity in order to replicate similar tactics, techniques, and procedures (TTPs) during internal and external security assessments
  • Experience running a variety of penetration testing tools, performing manual testing, validating test results, identifying root cause, analyzing vulnerabilities, and helping develop platform-specific remediation plans
  • Experience with multiple OS such as Windows, Linux, Mac OSX, iOS, and Android
  • Experience with scripting languages and C/C, ASP.NET, Java, Java EE, multiple RDBMS
  • Familiarity with the concepts of defensive programming, OWASP Top-10, and SANS Top 25 vulnerabilities
  • Ability to assess and effectively communicate the operational, technical, and financial impact of findings and control issues to executive and business leadership, using language that is relevant to and understandable by the business
  • One or more of the following security certifications preferred: Offensive Security Certified Professional (OSCP); Offensive Security Web Expert (OSWE); GIAC Penetration Tester (GPEN); GIAC Web Application Penetration Tester (GWAPT); eLearnSecurity Certified Penetration Tester eXtreme (eCPTX); eLearnSecurity Web Application Penetration Tester (eWPT); Certified Information Systems Security Professional (CISSP)
  • Understanding of the 'Three Lines of Defense' governance model
  • BS in Computer Science or equivalent degree/experience preferred