Senior IT Security Engineer - Pen Testing Job
Posted on Apr 21, 2021 by BJ's Wholesale Club
BJ's Wholesale Club was the first retailer to introduce the warehouse club concept in the northeastern United States. Today, we're a multibillion dollar operation with more than 200 clubs in 17states from Maine to Florida.
While our Members know us for helping them save up to 25% off grocery prices every day, our Team Members love us for providing a supportive and engaging workplace that's committed to developing great talent.
If you're a motivated and enthusiastic person who enjoys working collaboratively and is committed to providing great service for our Members, we want to hear from you. BJ's offers a fast-paced, team environment with great training opportunities and competitive salary and benefits packages to help you succeed.
The Sr IT Security Engineer will fill a fundamental role meaningful role within Threat Operations Team with the focus on Penetration Testing, Threat Hunting, and Threat Emulations to proactively identify vulnerabilities.
This Security Engineer will also work with other security teams on architecting, implementing technologies, processes, and improvements.
Responsibilities include but are not limited to:
- Create and maintain evaluation and technical testing plans to proactively identify vulnerabilities, misconfigurations, and visibility shortfalls
- Create set of testing capabilities that can be provided during new IT services being deployed, major changes to critical systems, and new enhancements to applications or web services
- Strive to automate testing, documentation, and repeatability for a continuous Threat hunting program
- Participate in proactive research and provide recommendations for continuous improvement on information security technologies, processes and services
- Assists incident handling for the Cyber Security Incident Response Team (CSIRT). Assists with corrective action plans, audit findings and security issues, ensuring problems are resolved in an effective and timely manner.
- Proven development of emulating known malicious actor's common toolsets
- Participate in third party evaluation engagements or Penetration Tests
- Emulate top Tools, Tactics, and Procedures (TTPs) of malicious actors to proactively identify potential security posture shortfalls
- Identify controls and logging shortfalls to Influence enhancements to the firm's security program
- 3 to 5 years in perform evaluations that include Penetration Testing, Purple Teaming, and Vulnerability Management
- Bachelor's Information Technology, Computer Science or related field
- Ability to provide day to day evaluations to provide critical insight for senior leadership and strategy personnel
- 3 years experience in conducting threat hunting initiatives and evaluating controls leveraging frameworks such as MITRE ATT&CK.
- Capable of authoring custom evaluation plans with emphasis on identifying those that can be performed on a continuous basis, and finally identify those plans that can be automated
- Expertise in Shell Scripting and other programming languages, such as Powershell and Python
Nearest Major Market: Worcester