CNA Insurance · 8 hours ago
Director, Ethical Hacking (Red Team/Mitre Attack)
United States
Full-time
Remote
Director/Executive
10+ years exp
Maximize your interview chancesFinanceFinancial Services
Insider Connection @CNA Insurance
Get 3x more responses when you reach out via email instead of LinkedIn.
Responsibilities
Accelerate maturation of Ethical Hacking program services and capabilities in alignment with industry trends and organizational priorities.
Develop and deliver Ethical Hacking strategy, initiatives, roadmaps, automation, and continuous improvements.
Lead and manage the performance and development of the Ethical Hacking team.
Collaborate with stakeholders to define security assessments by analyzing information requirements, determining system architecture components and technologies, studying business capabilities, developing points of views on emerging technologies, and evaluating their applicability to business goals and operational requirements.
Collaborate with stakeholders to aid defensive prevention, detection, and response capability improvements and attack surface management activities.
Provide coaching, guidance, and direction on Ethical Hacking activities ensuring overall fit within Global Enterprise Security and the organization.
Participate in technical testing of assets, resources, and services from operational planning initiation through reporting and risk management activities.
Communicate findings, attack paths, and risk recommendations to technical and non-technical stakeholders and senior leadership through written reports and verbal presentations.
Oversee the development of tooling, techniques, methodologies, and processes to improve team capabilities to deliver high-quality assessments.
Responsible for continued contributions to the Ethical Hacking team knowledge base.
Demonstrate expert understanding of penetration testing and red teaming tooling, techniques, and methodologies.
Develop and customize payloads specific to the environment to circumvent defensive prevention, detection, and response capabilities.
Establish performance and program metrics and KPIs to leverage in reporting and driving continuous control, process, team, and program improvements.
Other duties as assigned.
Qualification
Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.
Required
Senior-level knowledge of tools associated with penetration testing and red teaming (Cobalt Strike, Burp Suite, etc.)
Ability to effectively code in one or more programming languages (Python, Go, Rust, etc.)
Expert level knowledge of Ethical Hacking, red team, purple team, penetration testing, and social engineering security concepts
Proven ability to effectively lead, manage, coach, and develop a team
Senior-level knowledge of security technical solutions (to properly assess compensating controls and their affect)
Senior-level knowledge of modern security architectures (e.g., zero trust)
Demonstrated success in establishing strategic objectives and driving tactical execution of initiatives aligned with company goals and objectives
Subject matter expertise across all facets of Ethical Hacking
Bachelor's degree in Computer Science, or related discipline, or equivalent work experience
Typically a minimum of ten years in Information Technology, preferably with Penetration testing and Red Team experience
Preferred
Applicable certifications preferred (e.g., CRTO, CRTL, OSCP, OSEP, GPEN, PMP, CISSP)
Company
CNA Insurance
CNA is one of the largest U.S. commercial property and casualty insurance companies.
5,001-10,000 employees
Funding
Current Stage
Public CompanyTotal Funding
$0.88M2016-09-12Post Ipo Equity· $0.88M
1978-01-13IPO· nyse:CNA
Leadership Team
D. Craig Mense
Executive Vice President & Chief Financial Officer
Liz Aguinaga
Senior Vice President & Chief Human Resources Officer
Recent News
Business Insurance | News
2024-05-23
2024-03-07
Company data provided by crunchbase
