Red Team Leader

Company: AmerisourceBergen Corporation
Location: Wichita
Posted on: March 17, 2023

Job Description:

Are you looking to make a difference in a patient's life? At AmerisourceBergen, you will find an innovative and collaborative culture that is patient focused and dedicated to making a difference. As an organization, we are united in our responsibility to create healthier futures. Join us and Apply today!What you will be doingAs of August 24, 2021, AmerisourceBergen requires all U.S. team members to be fully vaccinated and show proof of completed vaccine status at time of hire. If you cannot receive the COVID-19 vaccine due to a disability/medical reason or sincerely held religious belief you will be required to follow AmerisourceBergen's policy and process to apply for an exemption/accommodation. Summary:Individuals within the Information Security role plan, execute, and manage multi-faceted projects related to risk management, mitigation and response, compliance, control assurance, and user awareness. They are focused on developing and driving security strategies, policies/standards, ensuring the effectiveness of solutions, and providing security-focused consultative services to the organization. These individuals provide expertise and assistance to ensure the company's infrastructure and information assets are protected. Individuals develop security policies and procedures such as user log-on and authentication rules, security breach escalation procedures, security assessment procedures and use of firewalls and encryption routines. They perform security assessments and security attestations. To enforce security policies and procedures, they monitor data security profiles on all platforms by reviewing security violation reports and investigating security exceptions. They update, maintain and document security controls and provide direct support to the business and internal IT groups. These professionals work directly with the customers, third parties and other internal departments and organizations to facilitate information security risk analysis and risk management processes and to identify acceptable levels of residual risk. They also communicate and educate IT and the business about security policies and industry standards and provide solutions for enterprise/business security issues. Primary Duties and Responsibilities:

• Plan, lead, and execute Red Team exercises against various architectures and produce monthly report
• Execute test cases and produce playbooks monthly
• Assist with reporting red team operational activities, including outcomes and monthly metrics, to security leadership
• Engage in security monitoring and visibility improvement activities across the AmerisourceBergen's organization
• Create and document tactics, techniques, and procedures (TTPS) used during red team exercises
• Utilize Threat Modeling methodologies to identify threats and shape Red Team operations on a daily operation
• Communicate with various business and technology leaders (Cyber and Infrastructure teams) to interpret identified vulnerabilities and assist in the development and planning for to improve overall defense
• Perform Red Team Engagement Reporting for Ad-hoc and scheduled metrics report for various KPIs around vulnerability management activities
• Perform in-depth analysis of Red Team engagements results and provide a detail report that describes findings, exploitation procedures, risks, and recommendations
• Responsible to identify and exploit security vulnerabilities in a wide array of technology stacks in a variety of situations
• Identify vulnerabilities and gaps in technology and defenses
• Design security test cases with the intent to exploit security-protected applications
• Respond to questions from stakeholders about Red Team engagement reports
• Collaborate with support groups/stakeholders on details about identified vulnerabilities
• Make recommendations on how to improve security assessments, Red teaming initiatives, and Cyber Defense tools through automation and processes
• Analyze business policies for effectiveness, make suggestions on security policy improvements, and enhance security testing methodology material
• Stay up to date on latest vulnerabilities and potential impact to AmerisourceBergen environment, as new vulnerabilities are released, must stay on top of information related to them and how they may impact AmerisourceBergen
• Testing application code level vulnerabilities using penetration testing methodologies Maintain day-to-day relationship with security and services partners
• Assist in development of security solutions for critical and/or highly complex assignments
• Assist in development of remediation strategies and risk responses associated with the protection of infrastructure and information assets
• Ability to work independently taking initiative and as part of a team participating in a collaborate effort for a common goalWhat your background should look like
  • Bachelor's degree in computer science, CyberSecurity or other related field, or equivalent work experience
  • Experience in application and network security testing
  • Typically requires at least 5 years of combined IT and security work experience with a broad range of exposure to systems analysis, application development, systems administration and over 5 years' experience in conducting penetration testing
  • Requires Security Certification(s) (i.e., Offensive Security Certified Professional (OSCP), eLearnSecurity Web application Penetration Tester (eWPT) or other equivalent recognized security certifications
  • Familiarity with programming languages (such as Python, PowerShell, SQL, C#, JavaScript, Ruby, Java, Apex, ABAP, and Perl)
  • Working knowledge with open-source security tools (Burp, Nmap, SSlscan, Sqlmap, Nikto, Metasploit, etc.) and COTS (WebInspect, Fortify, Qualys, Windows Defender, Tanium, FireEye, CrowdStrike, Cobalt Strike)
  • Familiar with OWASP Top 10 Methodologies
  • Familiar with SANS Top 25 controls
  • Familiar with Penetration Testing Standards
  • Familiar with MITRE ATTACK framework
  • Familiar with Red and Purple Team Engagements
  • Great attitude to help, learn and grow, excitement is always welcome
  • Experience applying structured analytical methodologies in effort to solve complex security engagements
  • Experience with Red and Blue teaming or equivalent
  • Solid understanding of vulnerabilities reported and the ability to conduct impact analysis of security threats
  • Familiarity with latest security vulnerabilities, advisories, incidents, penetration techniques, attack vectors, and countermeasures
  • Demonstrate the ability to circumvent CyberSecurity defense controls and solutions (Bypassing WAFs, evading EDR detection, etc.)
  • Demonstrated sound understanding of at least 3 of the following standards such as ISO 27001/27002, COBIT, ITIL, NIST, HIPAA, SOX, and PCI
  • Possess one or more of the following certifications: OSCP, OSCE, OSWE, GWAPT, GXPN, EWPT
  • Strong consultative skills: ability to interface effectively with technical and non-technical leaders
  • Understands Information Security as it relates to the business and other areas of IT; understands direct impacts and risksWhat AmerisourceBergen offersWe offer a competitive total rewards package which includes benefits and compensation. Our commitment to our eligible population of team members includes benefit programs that are comprehensive, affordable, diverse, and designed to meet the needs of our team members' and their families. Some of these programs include paid time off including paid parental leave, access to retirement savings vehicles, medical, dental, vision, and life insurance options, an employee stock purchase program, and other financial, health, and well-being focused benefits.Because we take a balanced, global approach to our benefits, benefit offerings may vary by location, position, and/or business unit. Some benefits are company-paid, while others are available through team member contributions. For details visit https://www.virtualfairhub.com/amerisourcebergen.ScheduleFull timeAffiliated CompaniesAffiliated Companies: AmerisourceBergen Services CorporationEqual Employment OpportunityAmerisourceBergen is committed to providing equal employment opportunity without regard to race, color, religion, sex, sexual orientation, gender identity, genetic information, national origin, age, disability, veteran status or membership in any other class protected by federal, state or local law.The company's continued success depends on the full and effective utilization of qualified individuals. Therefore, harassment is prohibited and all matters related to recruiting, training, compensation, benefits, promotions and transfers comply with equal opportunity principles and are non-discriminatory.AmerisourceBergen is committed to providing reasonable accommodations to individuals with disabilities during the employment process which are consistent with legal requirements. If you wish to request an accommodation while seeking employment, please call 888.692.2272 or email . We will make accommodation determinations on a request-by-request basis. Messages and emails regarding anything other than accommodations requests will not be returned

Keywords: AmerisourceBergen Corporation, Wichita , Red Team Leader, Hospitality & Tourism , Wichita, Kansas