We are looking for Information Security Assurance professional to join the Crane Company Global Information Security Team in supporting our global information security program. The ideal candidate will have a solid proficiency in penetration testing methodologies and platforms, scripting and programming used for security testing, and have had broad exposure to application and systems testing and vulnerability assessments programs. Previous experience working as part of a penetration (red) team or purple team is required.
In this role, the Assurance Lead will work closely with other Global Information Security team members, both in operations and in incident response to test our defenses, assist with planning exercises, and guide the overall approach to mitigating risk and closing security gaps.
Responsibilities and Duties:
- Mentor other team members and provide expertise & collaboration
- Perform network and security reviews on various enterprise systems and applications and work with security and technology teams to ensure effective controls over security of data in various systems
- Manage and administer tooling to support the Assurance function
- Evaluate the security posture of systems and security processes to uncover vulnerabilities and potential exploitation vectors
- Participate and support sustaining vulnerability assessment processes
- Manage projects and hold teams and team members accountable
- Exploit suspected software and hardware vulnerabilities and inspect network traffic for data leakage
- Plan and develop penetration methods, scripts and tests
- Create reports and remediation recommendation from findings
- Presenting findings and risks to both technical and non-technical audiences
- Provide business and data Intelligence supporting threat analysis
- Work closely with business and technology managers to fix processes/procedures for data protection
- Engage with vendors and 3rd parties in the development and execution of security testing
- Manage and review our attack surface. Assign and delegate remediation actions to the Business
- Effectively participate in data governance and risk compliance plans
- Raise incidents involving the potential for data loss or threats against data
- Reporting and Metrics to support program objectives
Qualifications and Competencies:
- Minimum 5 years of work experience in penetration testing & application security testing
- Experience in performing security assessments using Kali Linux, Metasploit and other similar tools
- Proficient in using PowerShell, Perl, Ruby and other similar languages to create penetration testing solutions
- Experience with Attack Surface Management tools and processes
- Foundational level of knowledge and experience with administering enterprise-level Information Technology systems including networks virtualization, could, operating systems, storage, databases, etc.
- Ability to work both independently and as part of a small, distributed team
- Breach/Attack simulations and tabletop exercises
- Flexibility to work outside regularly scheduled/normal business hours as required
- Commitment to security training and earning corresponding certifications
- Highly motivated and self-directed
- Excellent verbal and written communication skills
- Passion for solving complex problems
- Ability to prioritize, schedule and track to deadlines
- Required: Degree in a related field or at least 5 years relevant professional experience
- Desired: Technical professional security certification such as CEH, GPEN, or similar
- US Person as defined under EAR PART 772 AND ITAR 120.15
Crane Co. is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, disability, military status, or national origin or any other characteristic protected under applicable federal, state, or local law.