Cybersecurity Red Team Cybersecurity Red Team Job Locations US-TX-Arlington Requisition ID 2018-33732 Employee Type Full Time-Regular Category Information Technology Travel 0-10% Overview GM Financial is the international captive finance company and wholly owned subsidiary of General Motors. With more than 9,000 hard-working team members, we're always looking for new people with diverse talents. GM Financial is a workplace where dedicated people have the opportunity to work together and celebrate our successes. We offer a comprehensive benefit package that is above industry standards as well as offer a great work-life balance. We have built our culture based on respect, integrity, innovation and personal development. To find out more about us and how to start your career at GM Financial visit our website at www.gmfinancial.com/careers . GM Financial encourages our Cybersecurity professionals to transform and revolutionize. Our Cybersecurity professionals are encouraged to break traditional approaches. GM Financial s Cybersecurity program is an agile environment where prudent security controls are implemented and matured, through our forward thinking security organizations, and with support of engaged and industry respected executive leadership. The Cybersecurity Red Team is dedicated to performing 'objective-based' assessments replicating known threat actors, with known tactics, techniques and procedures. The AVP Cybersecurity Red Team will coordinate and oversee execution of ethical hacking and penetration tests of the General Motors Financial (GMF) information environment including both physical and logical security controls and systems. The goal will be to assess and analyze GMF's security posture as well as its ability to respond to hacker-simulated attacks. This position requires an established expert responsible for scoping engagements, presenting results and methodologies, and working with stakeholders across Cybersecurity, ITS, and business units to remediate findings. This position requires a professional who works well with others, and performs in challenging situations, is pragmatic, and is motivated by long-term results. Additionally, the GMF Red Team will be responsible for identifying and testing new tools, techniques and methods used for penetration testing activities. Finally, the AVP Cybersecurity Red Team will be responsible for communicating testing methodologies and findings to executive leadership in Cybersecurity, ITS, and other business units. Responsibilities JOB DUTIES The Cybersecurity Red Team will conduct GM Financial's internal penetration testing and red team exercises which includes, penetration testing, Red/Blue teaming programs, Cybersecurity Tabletop exercises; summarizing the exercise for senior leadership, including areas of success and areas of opportunities The Cybersecurity Red Team integrates the team's identification and remediation of any findings, which are produced by the associated programs, with the other Cybersecurity departments, as well as Cybersecurity's business and information technology partners The Cybersecurity Red Team works closely with other groups within the Global Technology organization in order to develop the strong partnerships required to meet cybersecurity technology goals integrating the a designs for secure application, network, and product development supporting business intelligence REPORTING RELATIONSHIP AVP Cybersecurity US Qualifications Knowledge Deep understanding of penetration testing and red teaming frameworks and concepts Passion for protecting networks, systems and data from cyber attacks Strong understanding of cybersecurity concepts and related technology solutions Experience leading an enterprise wide cybersecurity internal assessment, including a knowledge of control strategies for a global organization Strong consultative skills required to work directly with other technology teams with appropriate influence Building strong networks within the firm to spot and capitalize on opportunities to get involved in projects that others are leading across a number of different business units and sectors Manage and deliver large projects by developing the project team, assessing engagement risks throughout, driving conclusions, and reviewing / challenging the output produced by the team Helping to grow and develop our team through hands on training and coaching Programming experience in on or more languages such as Python, Ruby, Perl, Bash, Java Advanced knowledge of operating and database security (Windows, UNIX/Linux, SQL, Oracle, etc) Skills Must be able to effectively communicate to anyone in the organization, from the most technical operator to the least technical business partner Must be proficient with the common penetration testing tools (Metasploit, Burp Suite, Cobalt Strike, etc) Ability to interpret and document business and technical requirements Good interpersonal, verbal and written communication skills Detail oriented with good time and analytical skills Ability to exercise prudent judgment and offer knowledgeable advice Ability to work both independently and in a team environment Ability to manage multiple projects and tasks Ability to manage production sensitive situations Demonstrated level of integrity when dealing with confidential and sensitive information Demonstrated knowledge of tactics used by malicious insiders, techniques and procedures associated with state sponsored threat actors Must be able to examine an organization from the standpoint of a threat actor and articulate risk in clear, precise terms Ability to effectively code in a scripting language (Python, Perl, etc) Demonstrated knowledge of internal penetration testing tactics, techniques, and procedures Experience performing application security source code reviews Experience developing custom exploits Hands-on experience in the security aspects of multiple platforms, operating systems, software, and network protocols Hands-on experience with commercial and open-source network and application security testing tools Education High School Diploma required Bachelors Degree in Computer Science, Computer Engineering, Information Technology, Information Security, Information Assurance, Information Management or equivalent experience required Experience 3-5 years of experience in penetration testing, vulnerability management, or ethical hacking required Licenses and Certifications Cybersecurity and ethical related (e.g OSCP, OSCE) upon hire preferred Options Apply Now!