Cybersecurity Specialist Penetration Tester
At Liberty Mutual, our purpose is to help people embrace today and confidently pursue tomorrow. Thats why we provide an environment focused on openness, inclusion, trust and respect. Here, youll discover our expansive range of roles, and a workplace where we aim to help turn your passion into a rewarding profession. We value your hard work, integrity and commitment to make things better, and we put people first by offering you benefits that support your life and well-being. To learn more, please visit https://www.libertymutualgroup.com/about-lm/careers/benefits
Liberty Mutual has proudly been recognized as a Great Place to Work by Great Place to Work US for the past several years. We were also selected as one of the 100 Best Places to Work in IT on IDGs Insider Pro and Computerworlds 2020 list.
We have been named by Forbes as one of Americas Best Employers for Women and one of Americas Best Employers for New Graduatesas well as one of Americas Best Employers for Diversity. To learn more about our commitment to diversity and inclusion please visit: https://jobs.libertymutualgroup.com/diversity-inclusion
Liberty Mutual is an equal opportunity employer. We will not tolerate discrimination on the basis of race, color, national origin, sex, sexual orientation, gender identity, religion, age, disability, veterans status, pregnancy, genetic information or on any basis prohibited by federal, state or local law.
Cybersecurity Specialist Penetration Tester
We deliver our customers peace of mind every day by helping them protect what they value most. Our passion for placing the customer at the center of everything we do is driving a transformational shift at Liberty Mutual. Operating as a tech startup within a Fortune 100 company, we are leading a digital disruption that will redefine how people experience insurance.
Our Cybersecurity Specialists form a diverse team of hands-on technical security professionals who are collectively responsible for designing, implementing, managing, and monitoring the overall security posture of the organization. They partner with teams across the company to continually optimize our security posture while maintaining a hyper-focus on the reliability and stability of our business environments.
About The Job:
The penetration tester role will conduct offensive security operations within the companys Offensive Security team. This position involves the execution of network as well as web application penetration testing, Red Team operations, as well as collaborative efforts with defensive teams (Purple Teaming). The role requires the penetration tester to be able to learn new technologies on-the-fly" to be able to perform in-depth analysis of the security posture of many different applications. The tester will also be tasked with analyzing/writing custom exploits and automated software for various engagements. The candidate will produce detailed reports of their findings along with guidance for remediation and will be responsible for delivering those findings to subject matter experts as well as to leadership.
- Bachelors Degree or higher in Computer Science or related field
- 1-3 years of experience performing Offensive Security operations including: red teaming, penetration testing in an enterprise
- All phases of Red Team operations including: reconnaissance, social engineering, exploitation, lateral movement, exploitation
- Performing security assessments in Cloud environments (AWS, Azure, Google)
- Understanding of defensive controls and how to bypass/evade them
- Using and customizing commercial and open-source security assessment tools including Cobalt Strike, Impacket, Metasploit, and Bloodhound
- Modifying and using payloads to avoid common detection methods
- Deploying, configuring, and managing infrastructure to support Offensive operations both Cloud and on-premise
Familiarity with the following:
- Computer network, application, database, Cloud, and web exploitation techniques
- Active Directory and enterprise network exploitation
- OPSEC techniques including network traffic monitoring, post-exploitation activities, and payloads to blend in with target environments
- Secure web development practices
- Analyzing and debugging API frameworks
Experience with scripting/programming in one or more of the following languages with the ability to create or customize tools as needed:
Experience with open security testing standards and projects such as:
- MITRE ATT&CK
- CIS Top 20