As an Adversary Emulation Senior Director, you help lead members of the offensive security team to enhance the firm's cybersecurity or resiliency posture by using industry-standard assessment methodologies and techniques to proactively identify risks and vulnerabilities in people, processes, and technology. Design and deploy risk-driven tests and simulations and inform analysis to clearly outline root-causes. In this role, evaluate preventative controls, incident response processes, and detection capabilities, and advise cross-functional teams on security strategy and risk management.
The Adversary Emulation Senior Director will play a role in testing various aspects such as Application Security, Cloud Security, Consumer Fraud, Critical Infrastructure, Data Exfiltration, Emerging Technology, Hardware, Insider Threat, Mainframes, Network Security, Physical Security, Security Controls, and Social Engineering. The successful candidate will have a proven track record in cybersecurity. Additionally, the candidate will be able to demonstrate a general knowledge of computer networking fundamentals, modern threats and vulnerabilities, attack methodologies, and penetration testing tools. The Adversary Emulation Senior Director consists of highly skilled and qualified members who conduct advanced adversary emulation operations to replicate cybersecurity threats targeting the firm.
Responsibilities include, but may not be limited to the following:
- Manage and Coordinate the Adversary Emulation Security Team: Manage members of the Offensive Security Team, 3rd party engagements, and coordination between teams to conduct various team activities, including penetration testing, red team operations, purple team exercises, and vulnerability assessments.
- Conduct Penetration Testing: Coordinate testing, and conduct comprehensive penetration tests on various systems, applications, networks, and physical security controls to identify vulnerabilities and security gaps.
- Red Team Operations: Engage in simulated adversarial attacks to evaluate the effectiveness of existing security measures, response strategies, and incident handling processes.
- Purple Team Exercises: Conduct purple team exercises to perform adversary emulation against security controls and work with teams and/or measure responses directly to determine security control effectiveness and where enhancements may need to be applied.
- Vulnerability Assessment: Analyze and assess vulnerabilities discovered during tests, including but not limited to network infrastructure, web applications, databases, and end-user devices.
- Report Findings: Manage communicate findings, including detailed reports of vulnerabilities, risk assessments, and recommended remediation strategies to both technical and non-technical stakeholders.
- Collaboration: Work closely with the IT and security teams to understand current security architecture and assist in developing strategies to mitigate identified risks.
- Compliance: Ensure that penetration testing activities adhere to relevant compliance standards and regulations, including those specific to the casino industry such as PCI-DSS and other gaming regulations.
- Continuous Improvement: Stay current with the latest security trends, techniques, and vulnerabilities, and apply this knowledge to continuously improve the security posture of the casino.
- Training and Awareness: Provide guidance and training to internal teams on best practices for security and how to address identified vulnerabilities.
KNOWLEDGE AND EXPERIENCE
- 10+ years of experience in cybersecurity or resiliency with focuses on securing multiple proficiencies including application security, cloud security, data exfiltration, emerging technology, hardware, mainframe security, network security, physical security and other security controls
- 5+ years of experience in offensive security testing, including performing targeted, covert security tests with vulnerability identification, exploitation, and post-exploitation activities
- 3+ years of leading a highly motivated offensive security testing team
- Strong understanding of the following: networking fundamentals (all OSI layers, protocols); Windows/ Linux/Unix/Mac operating systems as well as software vulnerability and exploitation techniques; commercial or open-source offensive security tools for reconnaissance, scanning, exploitation and post-exploitation (e.g. Cobalt Strike, Metasploit, Nmap, Nessus, Burp Suite)
- Familiarity with system administration skills such as configuration, maintenance, and interpretation of log output from networking devices, operating systems, and infrastructure services, as well as with cloud architecture, operations, and security vulnerabilities
- Experience in multiple businesses or verticals, with organizational and cultural understanding of call centers, payments processes, and client service/sales organizations
- Expertise in collaborating with high-performing teams and individuals throughout the firm to accomplish common goals
- Knowledge of US financial services sector cybersecurity or resiliency organization practices, operations risk management processes, principles, regulations, threats, risks, and incident response methodologies
- Ability to identify systemic security or resiliency issues as they relate to threats, vulnerabilities, or risks, with a focus on recommendations for enhancements or remediation, and proficiency in multiple security assessment methodologies (e.g., Open Worldwide Application Security Project (OWASP) Top Ten, National Institute of Standards and Technology (NIST) Cybersecurity Framework), offensive testing tools, or resiliency testing equivalents
Our Caesars family is driven by our Mission, Vision and Values. We take great pride in living these values – Together We Win, All In On Service and Blaze the Trail – every day. Our mission, “Create the Extraordinary”. Our vision, “Create spectacular worlds. That immerse, inspire and connect you. We don’t perform magic; we create it with excellence. #WeAreCaesars”. If you are ready to create some magic, we invite you to explore our dynamic, yet unique, career opportunities.
Skills Required
- 10+ years of experience in cybersecurity or resiliency across application, cloud, network, mainframe, hardware, and physical security
- 5+ years of offensive security testing experience including vulnerability identification, exploitation, and post-exploitation
- 3+ years leading an offensive security or adversary emulation team
- Proven knowledge of networking fundamentals (OSI layers, protocols) and operating systems (Windows, Linux, Unix, macOS)
- Experience with commercial or open-source offensive security tools (e.g., Cobalt Strike, Metasploit, Nmap, Nessus, Burp Suite)
- Familiarity with system administration, log interpretation, cloud architecture/operations, and cloud security vulnerabilities
- Knowledge of PCI-DSS and gaming industry regulations and relevant compliance requirements for penetration testing
- Experience across multiple business verticals (call centers, payments, client service/sales organizations)
- Proficiency in security assessment methodologies and frameworks (OWASP Top Ten, NIST Cybersecurity Framework)
- Ability to identify systemic security/resiliency issues and recommend remediation and risk management strategies
- Strong collaboration and communication skills to report findings to technical and non-technical stakeholders and provide training
What We Do
Caesars Entertainment is one of the world's most diversified casino-entertainment providers and the most geographically diverse U.S. casino-entertainment company. Since its beginning in Reno, Nevada, in 1937, Caesars Entertainment has grown through development of new resorts, expansions and acquisitions. Caesars Entertainment's resorts operate primarily under the Caesars®, Harrah's® and Horseshoe® brand names. Caesars Entertainment's portfolio also includes the Caesars Entertainment UK family of casinos. Caesars Entertainment is focused on building loyalty and value with its guests through a unique combination of great service, excellent products, unsurpassed distribution, operational excellence and technology leadership. Caesars Entertainment is committed to its employees, suppliers, communities and the environment through its PEOPLE PLANET PLAY framework. Caesars Entertainment promotes a collaborative culture where accountability, passion, and idea sharing create a foundation for innovation and continuous improvement in the casino entertainment industry. Caesars is always looking for intellectually-curious professionals who are aligned with our values, motivated by meritocracy, and inspired by our commitment to our guests, team members, communities, and environment. Learn what it’s like to join a diverse by design team at Caesars Entertainment and check out our open jobs.

.png)







