The Ethical Hacking Program Manager will be responsible for developing and leading the Information Security (IS) strategy for identifying security weaknesses and vulnerabilities across the enterprise, as well as testing the detect and respond capabilities that keep digital assets safe. In addition, the role requires staying up to date on the latest security threats and testing current and future additions to the network, including hardware and software. Finally, the manager ensures that other security teams understand both common and emerging security flaws and helps monitor the network for any suspicious behavior. This is a hands-on role that requires a security professional who has subject matter expertise in areas such as red and blue team activities, penetration testing, threat hunting, application security, incident response, and network defense.
Set strategic vision for the Ethical Hacking Program, in conjunction with the overall Information Security program.
Implement, develop, and manage the Ethical Hacking Team, which includes: Penetration testing focused on Web apps, Web services, Mobile apps, Thick clients; Red Team Attack Simulation & Purple Team Activities; and Vendor AppSec Testing.
Leverage attacker perspective and skill-sets to sharpen capabilities of other cyber programs.
Perform risk assessment across the entire network including hardware and software systems
Create scripts that test for vulnerabilities including penetration testing and risk assessment
Develop or acquire tools and related processes that improve security testing and monitoring
Establish relationships and gain buy-in for new Ethical Hacking initiatives and programs.
Participate in the evaluation of new AppSec tools and technologies.
Create and manage board reported metrics indicating health of Ethical Hacking program.
Providing strong leadership and cross-functional / stakeholder communications.
Evaluating new security trends and technologies designed to enhance the information security program.
Participating as a subject matter expert in the incident response program.
Attending design and application architectural reviews and actively leading discussions from a security standpoint.
Establish security policies that help personnel use best practices for digital protection
Review and hire vendors to incorporate security systems
Train staff and personnel on best practices for network security
SKILLS & EXPERIENCE REQUIRED:
Undergraduate degree in Computer Science or related field, advanced degree (Masters level) preferred.
10+ years of information security related experience
5+ years of ethical hacking experience, preferably in the financial vertical, with a proven track record of program success.
Possess professional certifications CISSP, OSCP, GWAPT, GPEN, or related.
Strong program development, program management and leadership skills including experience in developing, documenting and establishing application security programs and best practices.
Proven ability to develop effective, matrixed, cross-organization relationships as well as collaborate and communicate across business and technology stakeholders in multiple geographic areas.
Strong understanding of application threat modeling and SDLC security aspects.
Prior working experience in and with software development teams.
Familiarity with application vulnerability testing tools such as AppScan / Web Inspect, etc. preferred.
Should possess extensive business support experience (e.g. develop integrated business routines, well organized, understands corporate governance, KRI/metric setting/tracking)
Ability to influence peers, colleagues and managers across business and divisional lines to take action on complex, technical or sensitive topics with companywide impact.
Ability to effectively communicate security and risk related concepts to a broad range of technical and non-technical staff.
Must be analytical and possess ability to interpret and apply policies and regulations across a large, complex business.
Strong leadership, critical thinking and collaboration skills required. Innovative thinker that can drive change throughout the division/organization
Must be able to work in a team environment with the ability to interact well, and in a positive manner, with senior management
CANDIDATES MUST BE US CITIZENS OR HAVE A VALID GREEN CARD/EAD