Job Title: Security Threat Specialist
Job ID: 06330
Division: Information Services
Work Location(s): United States-Wisconsin-Madison
Full/Part Time: Full-Time
Position Details:
Experience performing pen testing is strongly preferred.
Position Objective
The Security Threat Specialist utilizes solid business knowledge and expert technical experience in security to provide leadership and expertise as it relates to the monitoring and analysis of security threats and vulnerabilities. Uses cutting edge techniques and technologies to perform various security assessments and tests including penetrations tests, vulnerability scans, and forensic analysis for web-based applications, mobile applications, network infrastructure and operating platforms. Develops analytical frameworks, tools, and research methodologies in order to identify emerging cyber threats and provide actionable intelligence.
Primary Accountabilities
- Threat Management (50%)
- Researches and analyzes emerging cyber threats and threat intelligence from a number of sources and relevant cyber-intelligence feeds. Contextualizes finding to company`s specific business risks or vulnerabilities.
- Monitors sources and feeds for indicators of information security threats and analyzes such threats to provide actionable intelligence.
- Performs complex forensic analysis of threats.
- Provides analysis of mobility infrastructure.
- Conducts complex penetration tests and assessments of threats and vulnerabilities for web applications, mobile applications, network, and social engineering. Assess level of risk based on threats, vulnerabilities and exploits uncovered in testing.
- Develops penetration testing methodology. Develops custom penetration testing techniques and tools.
- Performs research driven threat modeling.
- Analyzes Malware code in support of incident analysis and response. Performs complex malware reverse engineering.
- Performs complex breach detection and analysis.
- Technical Leadership (40%)
- Interprets and disseminates security related threat and vulnerability information to upper management.
- Drives reduction of high risk vulnerabilities by regularly communicating with stakeholders and management.
- Provides direction and thought leadership in the threat landscape space.
- Identifies vulnerabilities in software development lifecycle and infrastructure configuration and business logic including static/dynamic code analysis. Educates business partners on the inherent risks and provides meaningful hardening and mitigation strategies.
- Researches and communicates needed configuration standards in response to ever changing threat landscape. Demonstrates innovation and agility in the mitigation of data exposure.
- Acts as a resource for direction, training and guidance for less experienced staff.
- Research and Development (10%)
- Stays informed about the latest developments in the security field, including threats towards the organization, tools, attack vectors, and cutting edge preventative measures.
- Participates in new products or technology solutions supported by appropriate ROI, total cost of ownership, and/or cost benefit analyses.
- Leads technical proof of concepts.
Job Competencies
- Achieve Results
- Be Accountable
- Maximize Customer Experience
- Analytical Thinking
- Influence
- Problem Solving
- Relationship Building
- Technical Expertise
Specialized Knowledge and Skills Requirements
- Demonstrated experience leading and developing others by providing technical guidance and leadership to project teams.
- Demonstrated experience performing cyber threat analysis, forensics analysis, penetration testing, and ethical hacking.
- Demonstrated experience with network security monitoring or security incident and event monitoring.
- Extensive knowledge and understanding of fraud, risk and security issues.
- Extensive knowledge and understanding of security technologies, enterprise level network architecture, and application development methodologies.
- Solid knowledge and understanding of security regulations and best practices such as PCI, SOX, HIPAA, or the ISO 27000 family of standards.
Travel Requirements
- This position requires travel up to 20% of the time
Working Conditions
- Ability to participate in 24x7 off hour/on call on a rotating basis.
Company Information
We offer a comprehensive benefits package that includes health, life and dental insurance, a 401(K) plan, paid holidays, vacation and sick leave and the opportunity for career development. If you would like to put your career in motion apply online today!
A career move to join American Family Insurance may also mean a physical move for you. If you are selected for an interview, information will be provided on the level of relocation assistance available during the interview.
Offer to selected candidate will be made contingent on the results of background checks.
LI:JM1
CB1
Please review the job requirements.
Job ID: 06330
Division: Information Services
Work Location(s): United States-Wisconsin-Madison
Full/Part Time: Full-Time
Position Details:
Experience performing pen testing is strongly preferred.
Position Objective
The Security Threat Specialist utilizes solid business knowledge and expert technical experience in security to provide leadership and expertise as it relates to the monitoring and analysis of security threats and vulnerabilities. Uses cutting edge techniques and technologies to perform various security assessments and tests including penetrations tests, vulnerability scans, and forensic analysis for web-based applications, mobile applications, network infrastructure and operating platforms. Develops analytical frameworks, tools, and research methodologies in order to identify emerging cyber threats and provide actionable intelligence.
Primary Accountabilities
- Threat Management (50%)
- Researches and analyzes emerging cyber threats and threat intelligence from a number of sources and relevant cyber-intelligence feeds. Contextualizes finding to company`s specific business risks or vulnerabilities.
- Monitors sources and feeds for indicators of information security threats and analyzes such threats to provide actionable intelligence.
- Performs complex forensic analysis of threats.
- Provides analysis of mobility infrastructure.
- Conducts complex penetration tests and assessments of threats and vulnerabilities for web applications, mobile applications, network, and social engineering. Assess level of risk based on threats, vulnerabilities and exploits uncovered in testing.
- Develops penetration testing methodology. Develops custom penetration testing techniques and tools.
- Performs research driven threat modeling.
- Analyzes Malware code in support of incident analysis and response. Performs complex malware reverse engineering.
- Performs complex breach detection and analysis.
- Technical Leadership (40%)
- Interprets and disseminates security related threat and vulnerability information to upper management.
- Drives reduction of high risk vulnerabilities by regularly communicating with stakeholders and management.
- Provides direction and thought leadership in the threat landscape space.
- Identifies vulnerabilities in software development lifecycle and infrastructure configuration and business logic including static/dynamic code analysis. Educates business partners on the inherent risks and provides meaningful hardening and mitigation strategies.
- Researches and communicates needed configuration standards in response to ever changing threat landscape. Demonstrates innovation and agility in the mitigation of data exposure.
- Acts as a resource for direction, training and guidance for less experienced staff.
- Research and Development (10%)
- Stays informed about the latest developments in the security field, including threats towards the organization, tools, attack vectors, and cutting edge preventative measures.
- Participates in new products or technology solutions supported by appropriate ROI, total cost of ownership, and/or cost benefit analyses.
- Leads technical proof of concepts.
Job Competencies
- Achieve Results
- Be Accountable
- Maximize Customer Experience
- Analytical Thinking
- Influence
- Problem Solving
- Relationship Building
- Technical Expertise
Specialized Knowledge and Skills Requirements
- Demonstrated experience leading and developing others by providing technical guidance and leadership to project teams.
- Demonstrated experience performing cyber threat analysis, forensics analysis, penetration testing, and ethical hacking.
- Demonstrated experience with network security monitoring or security incident and event monitoring.
- Extensive knowledge and understanding of fraud, risk and security issues.
- Extensive knowledge and understanding of security technologies, enterprise level network architecture, and application development methodologies.
- Solid knowledge and understanding of security regulations and best practices such as PCI, SOX, HIPAA, or the ISO 27000 family of standards.
Travel Requirements
- This position requires travel up to 20% of the time
Working Conditions
- Ability to participate in 24x7 off hour/on call on a rotating basis.
Company Information
We offer a comprehensive benefits package that includes health, life and dental insurance, a 401(K) plan, paid holidays, vacation and sick leave and the opportunity for career development. If you would like to put your career in motion apply online today!
A career move to join American Family Insurance may also mean a physical move for you. If you are selected for an interview, information will be provided on the level of relocation assistance available during the interview.
Offer to selected candidate will be made contingent on the results of background checks.
LI:JM1
CB1
Please review the job requirements.