Security Testing Specialist - Red Team Operator
Job Profile
Position Overview
At PNC, our people are our greatest differentiator and competitive advantage in the markets we serve. We are all united in delivering the best experience for our customers. We work together each day to foster an inclusive workplace culture where all of our employees feel respected, valued and have an opportunity to contribute to the company’s success. As a Security Testing Specialist within PNC’s Technology organization, you may be based in a remote location. This is a remote position. Work may be performed from a quiet, confidential space in a home location, approved by PNC. This position may not be available in all geographic locations.
The PNC Red Team is seeking a Red Team operator to support covert attack simulations, attack surface research, and tool creation and maintenance.
The preferred candidate will have a background in conducting network penetration tests or Red Team operational tests against production systems and live targets. The following skills and knowledge are desirable:
· Network architecture and protocols
· Vulnerability exploitation based on published information.
· Facility with Windows and Linux-based operating systems.
· Experience in Microsoft Windows programming (primarily C/C++)
· Experience with other programming languages (e.g. Python, Go, C#).
· Experience with command and control frameworks.
· Knowledge of physical security concepts.
· Experience with collaborative purple team testing such as atomic simulations.
· Knowledge of enterprise defense prevention and detection tooling.
Primary Responsibilities:
· Assist during Red Team engagements throughout planning and operations.
· Conduct full-spectrum attack simulations (technology, social, physical)
· Conduct research to identify novel attack paths for ongoing and future Red Team engagements.
· Identify trends with regards to adversary tactics, techniques, and procedures, targeting, malware development and implementation.
· Build and maintain tools to support the Red Team engagements.
· Assist with network/infrastructure design and maintenance to support Red Team engagements.
· Assist with automation of infrastructure and tool development.
· Participate in ongoing interactive Purple Team activities through use of tools and manual testing.
· Conduct ad hoc support and platform assessments to provide an adversarial perspective
This is a remote position. Work may be performed from a quiet, confidential space in a home location, approved by PNC. This position may not be available in all geographic locations.
Job Description
- Carries out security testing of applications, infrastructure, and/or platforms to discover security vulnerabilities.
- Performs manual & automated security testing.
- Performs manual testing to validate vulnerabilities.
- Reviews the testing results with stakeholders and creates a report to review results with stakeholders.
- Assists in the design and implementation of security solutions and continuously enhances information security approaches and methodologies at manager discretion.
PNC Employees take pride in our reputation and to continue building upon that we expect our employees to be:
- Customer Focused - Knowledgeable of the values and practices that align customer needs and satisfaction as primary considerations in all business decisions and able to leverage that information in creating customized customer solutions.
- Managing Risk - Assessing and effectively managing all of the risks associated with their business objectives and activities to ensure they adhere to and support PNC's Enterprise Risk Management Framework.
Competencies
Analytical Thinking – Knowledge of techniques and tools that promote effective analysis and the ability to determine the root cause of organizational problems and create alternative solutions that resolve the problems in the best interest of the business.
Effective Communications – Understanding of effective communication concepts, tools and techniques; ability to effectively transmit, receive, and accurately interpret ideas, information, and needs through the application of appropriate communication behaviors.
Information Assurance – Knowledge of and the ability to protect information and information systems while ensuring their confidentiality, integrity and availability.
Information Security Management – Knowledge of and the ability to manage the processes, tools, techniques and practices for assuring adherence to standards associated with accessing, altering and protecting organizational data.
Information Security Technologies – Knowledge of technologies and technology-based solutions dealing with information security issues.
IT Environment – Knowledge of an organization's IT purposes, activities and standards; ability to create an effective IT environment for business operations.
IT Standards, Procedures & Policies – Knowledge of and the ability to utilize a variety of administrative skill sets and technical knowledge to manage organizational IT policies, standards, and procedures.
IT Systems Management – Knowledge of and ability to utilize a variety of technical tools and techniques to guarantee service availability and ensure IT system performance.
Problem Solving – Knowledge of approaches, tools, techniques for recognizing, anticipating, and resolving organizational, operational or process problems; ability to apply this knowledge appropriately to diverse situations.
Software Security Assurance – Knowledge of and the ability to detect and prevent data security vulnerabilities of coding throughout the software development life cycle within software development organizations.
Work Experience
Roles at this level typically require a university / college degree, with 5+ years of industry-relevant experience. Specific certifications are often required. In lieu of a degree, a comparable combination of education, job specific certification(s), and experience (including military service) may be considered.
Education
Bachelors
Additional Job Description
Salary will commensurate with skills and experience
Benefits
PNC offers employees a comprehensive range of benefits to help meet your needs now and in the future. Depending on your eligibility, options for full-time employees include medical/prescription drug coverage (with a Health Savings Account feature); dental and vision options; employee and spouse/child life insurance; short- and long-term disability protection; maternity and parental leave; paid holidays, vacation days and occasional absence time; 401(k), pension and stock purchase plans; dependent care reimbursement account; back-up child/elder care; adoption assistance; educational assistance and a robust wellness program with financial incentives. To learn more about these and other programs, including benefits for part-time employees, visit pncbenefits.com > New to PNC.
Disability Accommodations Statement:
If an accommodation is required to participate in the application process, please contact us via email at [email protected]. Please include “accommodation request” in the subject line title and be sure to include your name, the job ID, and your preferred method of contact in the body of the email. Emails not related to accommodation requests will not receive responses. Applicants may also call 877-968-7762 and say "Workday" for accommodation assistance. All information provided will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations.
At PNC we foster an inclusive and accessible workplace. We provide reasonable accommodations to employment applicants and qualified individuals with a disability who need an accommodation to perform the essential functions of their positions.
Equal Employment Opportunity (EEO):
PNC provides equal employment opportunity to qualified persons regardless of race, color, sex, religion, national origin, age, sexual orientation, gender identity, disability, veteran status, or other categories protected by law.
California Residents
Refer to the California Consumer Privacy Act Privacy Notice to gain understanding of how PNC may use or disclose your personal information in our hiring practices.