Adversary Emulation Senior Director

Posted 6 Days Ago
Be an Early Applicant
2 Locations
Hybrid
Senior level
Events • Gaming • News + Entertainment • Other
The Role
Lead and manage an offensive security/adversary emulation team to plan and execute red/purple team operations, penetration tests, and vulnerability assessments; evaluate controls, incident response, and detection capabilities; report findings and advise stakeholders; ensure compliance with PCI-DSS and gaming regulations; provide training and continuous security improvement.
Summary Generated by Built In

As an Adversary Emulation Senior Director, you help lead members of the offensive security team to enhance the firm's cybersecurity or resiliency posture by using industry-standard assessment methodologies and techniques to proactively identify risks and vulnerabilities in people, processes, and technology. Design and deploy risk-driven tests and simulations and inform analysis to clearly outline root-causes. In this role, evaluate preventative controls, incident response processes, and detection capabilities, and advise cross-functional teams on security strategy and risk management.
The Adversary Emulation Senior Director will play a role in testing various aspects such as Application Security, Cloud Security, Consumer Fraud, Critical Infrastructure, Data Exfiltration, Emerging Technology, Hardware, Insider Threat, Mainframes, Network Security, Physical Security, Security Controls, and Social Engineering. The successful candidate will have a proven track record in cybersecurity. Additionally, the candidate will be able to demonstrate a general knowledge of computer networking fundamentals, modern threats and vulnerabilities, attack methodologies, and penetration testing tools. The Adversary Emulation Senior Director consists of highly skilled and qualified members who conduct advanced adversary emulation operations to replicate cybersecurity threats targeting the firm. 

Responsibilities

Responsibilities include, but may not be limited to the following: 

  • Manage and Coordinate the Adversary Emulation Security Team: Manage members of the Offensive Security Team, 3rd party engagements, and coordination between teams to conduct various team activities, including penetration testing, red team operations, purple team exercises, and vulnerability assessments.
  • Conduct Penetration Testing: Coordinate testing, and conduct comprehensive penetration tests on various systems, applications, networks, and physical security controls to identify vulnerabilities and security gaps.
  • Red Team Operations: Engage in simulated adversarial attacks to evaluate the effectiveness of existing security measures, response strategies, and incident handling processes.
  • Purple Team Exercises: Conduct purple team exercises to perform adversary emulation against security controls and work with teams and/or measure responses directly to determine security control effectiveness and where enhancements may need to be applied.
  • Vulnerability Assessment: Analyze and assess vulnerabilities discovered during tests, including but not limited to network infrastructure, web applications, databases, and end-user devices.
  • Report Findings: Manage communicate findings, including detailed reports of vulnerabilities, risk assessments, and recommended remediation strategies to both technical and non-technical stakeholders.
  • Collaboration: Work closely with the IT and security teams to understand current security architecture and assist in developing strategies to mitigate identified risks.
  • Compliance: Ensure that penetration testing activities adhere to relevant compliance standards and regulations, including those specific to the casino industry such as PCI-DSS and other gaming regulations.
  • Continuous Improvement: Stay current with the latest security trends, techniques, and vulnerabilities, and apply this knowledge to continuously improve the security posture of the casino.
  • Training and Awareness: Provide guidance and training to internal teams on best practices for security and how to address identified vulnerabilities.
Qualifications

KNOWLEDGE AND EXPERIENCE

  • 10+ years of experience in cybersecurity or resiliency with focuses on securing multiple proficiencies including application security, cloud security, data exfiltration, emerging technology, hardware, mainframe security, network security, physical security and other security controls
  • 5+ years of experience in offensive security testing, including performing targeted, covert security tests with vulnerability identification, exploitation, and post-exploitation activities 
  • 3+ years of leading a highly motivated offensive security testing team 
  • Strong understanding of the following: networking fundamentals (all OSI layers, protocols); Windows/ Linux/Unix/Mac operating systems as well as software vulnerability and exploitation techniques; commercial or open-source offensive security tools for reconnaissance, scanning, exploitation and post-exploitation (e.g. Cobalt Strike, Metasploit, Nmap, Nessus, Burp Suite)
  • Familiarity with system administration skills such as configuration, maintenance, and interpretation of log output from networking devices, operating systems, and infrastructure services, as well as with cloud architecture, operations, and security vulnerabilities
  • Experience in multiple businesses or verticals, with organizational and cultural understanding of call centers, payments processes, and client service/sales organizations
  • Expertise in collaborating with high-performing teams and individuals throughout the firm to accomplish common goals
  • Knowledge of US financial services sector cybersecurity or resiliency organization practices, operations risk management processes, principles, regulations, threats, risks, and incident response methodologies
  • Ability to identify systemic security or resiliency issues as they relate to threats, vulnerabilities, or risks, with a focus on recommendations for enhancements or remediation, and proficiency in multiple security assessment methodologies (e.g., Open Worldwide Application Security Project (OWASP) Top Ten, National Institute of Standards and Technology (NIST) Cybersecurity Framework), offensive testing tools, or resiliency testing equivalents
About UsAt Caesars Entertainment, Inc., our Team Members create the extraordinary. We are the largest casino-entertainment company in the U.S. and one of the world's most diversified casino-entertainment providers. Since beginning in Reno, Nevada, in 1937, Caesars Entertainment has grown through the development of new resorts, expansions and acquisitions. Our resorts operate primarily under the Caesars®, Harrah's®, Horseshoe® and Eldorado® brand names. We focus on building loyalty and value with our guests through a combination of impeccable service, operational excellence and technological leadership. The company is committed to its Team Members, suppliers, communities and the environment through its PEOPLE PLANET PLAY framework.  
Our Caesars family is driven by our Mission, Vision and Values. We take great pride in living these values – Together We Win, All In On Service and Blaze the Trail – every day. Our mission, “Create the Extraordinary”. Our vision, “Create spectacular worlds. That immerse, inspire and connect you. We don’t perform magic; we create it with excellence. #WeAreCaesars”.  If you are ready to create some magic, we invite you to explore our dynamic, yet unique, career opportunities.

Skills Required

  • 10+ years of experience in cybersecurity or resiliency across application, cloud, network, mainframe, hardware, and physical security
  • 5+ years of offensive security testing experience including vulnerability identification, exploitation, and post-exploitation
  • 3+ years leading an offensive security or adversary emulation team
  • Proven knowledge of networking fundamentals (OSI layers, protocols) and operating systems (Windows, Linux, Unix, macOS)
  • Experience with commercial or open-source offensive security tools (e.g., Cobalt Strike, Metasploit, Nmap, Nessus, Burp Suite)
  • Familiarity with system administration, log interpretation, cloud architecture/operations, and cloud security vulnerabilities
  • Knowledge of PCI-DSS and gaming industry regulations and relevant compliance requirements for penetration testing
  • Experience across multiple business verticals (call centers, payments, client service/sales organizations)
  • Proficiency in security assessment methodologies and frameworks (OWASP Top Ten, NIST Cybersecurity Framework)
  • Ability to identify systemic security/resiliency issues and recommend remediation and risk management strategies
  • Strong collaboration and communication skills to report findings to technical and non-technical stakeholders and provide training
Am I A Good Fit?
beta
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.

The Company
HQ: Las Vegas, NV
13,822 Employees
Year Founded: 1937

What We Do

Caesars Entertainment is one of the world's most diversified casino-entertainment providers and the most geographically diverse U.S. casino-entertainment company. Since its beginning in Reno, Nevada, in 1937, Caesars Entertainment has grown through development of new resorts, expansions and acquisitions. Caesars Entertainment's resorts operate primarily under the Caesars®, Harrah's® and Horseshoe® brand names. Caesars Entertainment's portfolio also includes the Caesars Entertainment UK family of casinos. Caesars Entertainment is focused on building loyalty and value with its guests through a unique combination of great service, excellent products, unsurpassed distribution, operational excellence and technology leadership. Caesars Entertainment is committed to its employees, suppliers, communities and the environment through its PEOPLE PLANET PLAY framework. Caesars Entertainment promotes a collaborative culture where accountability, passion, and idea sharing create a foundation for innovation and continuous improvement in the casino entertainment industry. Caesars is always looking for intellectually-curious professionals who are aligned with our values, motivated by meritocracy, and inspired by our commitment to our guests, team members, communities, and environment. Learn what it’s like to join a diverse by design team at Caesars Entertainment and check out our open jobs.

Similar Jobs

Cloudflare Logo Cloudflare

Forward Deployed Engineer (FDE)

Cloud • Information Technology • Security • Software • Cybersecurity
Remote or Hybrid
6 Locations
4400 Employees
167K-264K Annually
In-Office
15 Locations
2653 Employees
271K-293K Annually

Centerfield Logo Centerfield

Sales Manager

AdTech • Consumer Web • Digital Media • eCommerce • Marketing Tech • SEO
Remote or Hybrid
United States
890 Employees
65K-75K Annually

CSC Logo CSC

Accountant

Fintech • Legal Tech • Software • Financial Services • Cybersecurity • Data Privacy
Remote or Hybrid
2 Locations
8500 Employees
79K-90K Annually

Similar Companies Hiring

Hedra Thumbnail
Software • News + Entertainment • Marketing Tech • Generative AI • Enterprise Web • Digital Media • Consumer Web
San Francisco, CA
14 Employees
Posh Thumbnail
Events • Social Media • Software
New York, New York
70 Employees
ARB Interactive Thumbnail
Gaming • Software
Miami, Florida
175 Employees

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account