Senior ATM Penetration Tester - Irving, TX or Portland, OR
Irving, TX

Job Description

Our Assessment Services department is looking for a strong cyber security professional to join our Advanced Security Testing Team. This role will involve performing penetration testing and cutting-edge research on new attack vectors, techniques, and tactics in our ATM environment.

This role will also emulate adversarial attacks in order to provide information to U.S. Bank Lines of Business with the overall goal of providing knowledge of indicators or compromise and TTP (Tools, Tactics, and Procedures) to other teams. Team member will be creating attack chains and will explain how combining different weaknesses can result in higher impact. This team member must be able to utilize complex hacking tools, create proof of concept exploits, and document attack chains so they can be re-created and defensive tactics developed for them. Research, analyze, design, test, and implement complex technologies, systems, and applications.

Focus of this role will be to perform ATM device testing and offensive testing.

Responsibilities

* Conduct penetration testing of ATMs
* Conduct Threat Emulation
* Conduct innovative research in cyber security
* Conduct active offensive and/or adversarial operations
* Conduct physical security assessments
* Develop custom penetration testing tools
* Develop in-depth findings reports
* Document the impact and severity of attack chains to be presented to the lines of business
* Act as a subject matter expert to convey technical details on attacks to the blue teams

The preferred location for this position is 1.) Irving, TX 2.) Pittsburg, PA 3.) Portland, OR Other locations may be considered.

Basic Qualifications:

* Bachelor's degree or equivalent work experience
* ISACA Certified Information Security Manager
* Certified Information System Security Professional
* Certified Information Systems Auditor
* At least 7 years experience with processes, tools, techniques and practices for assuring adherence to standards associated with accessing, altering and protecting organizational data.

Desired Qualifications

* Advanced Information Security technical skills
* Proficient in working with systems, networks, and application vulnerability testing
* Ability to manage complex security scenarios and develop innovative solutions to address the most recent cyber threats
* Security engineering experience that includes knowledge and understanding of recent research and industrial advances in one or more of the following areas computer and communication networks, cyber security threat detection, cyber security experimentation and testing, innovative research in cyber security, physical security controls and their weaknesses, debugging, hardware and device hacking, or electronics security
* Assessment experience in three or more of the following mobile, web application, mainframe, wireless or network penetration testing
* Knowledge and understanding of Python, Ruby, PowerShell, and Shell scripting
* Physical hardware hacking experience
* Physical security assessments experience
* Knowledge and understanding of information security risk assessment procedures, risk mitigation or remediation
* Ability to work effectively, as well as independently, in a team environment
* Strong organizational, multi-tasking, and prioritizing skills
* Ability to handle confidential material in a professional manner
* Excellent verbal, written, and interpersonal communication skills
* Knowledge and understanding of banking or financial services industry
* Experience working in a large enterprise environment
* Strong analytical skills with high attention to detail and accuracy
* Knowledge and understanding of system/application architecture and design concepts
* Ability to present complex material in a digestible, consumable manner to all levels of management

Other Desired Qualifications

* Certifications in one or more of the following Global Information Assurance Certification (GIAC), Offensive Security Certified Professional (OSCP), Offensive Security Wireless Professional (OSWP), Offensive Security Certified Expert (OSCE), Offensive Security Exploitation Expert (OSEE), or Offensive Security Web Expert (OSWE)
* Exceptional report writing skills using a penetration tester framework/methodology
* Reverse engineering and exploit creation/modification
* Highly experienced with operating system and application hardening best practices
* Strong ability to find and dissect vulnerabilities without using standard and self-created tools
* Demonstrates issue resolution and negotiation skills
* Strong ability to create proof of concepts from discovered potential vulnerabilities
* Comprehensive understanding of recent research and industry advances in the following areas Computer and communication networks, Cyber security threat detection, Cyber security experimentation/testing, and Programming
* Perform debugging, performance evaluation, and paper/document writing
* Significant experience identifying security vulnerabilities for the company's networks, application systems, hardware infrastructure and emerging technologies to improve the enterprise information security posture
* Leads with red team activities and supports computer security incident response activities and the technical investigations of information security related incidents