Consulting Director - Penetration Tester at CNA (Chicago, IL)

| Chicago, IL | Hybrid
Sorry, this job was removed at 12:51 p.m. (CST) on Monday, March 21, 2022
Find out who's hiring in Chicago, IL.
See all Developer + Engineer jobs in Chicago, IL
By clicking Apply Now you agree to share your profile information with the hiring company.
Job Summary
CNA's Red-Team reduces cyber risk by uncovering vulnerabilities and weaknesses in the enterprise cyber environment through coordinated ethical hacking and penetration testing scenarios. This position works closely with team members to plan, coordinate, execute and report on sophisticated ethical hacking exercises, to identify cyber vulnerabilities and reduce the risk posture of enterprise systems. This role will be primarily responsible for performing infrastructure, application, OS security assessments, and social engineering attacks and will make recommendations to management on effective countermeasures.
The successful candidate for this position will be part of an exciting and dynamic environment to help build and deliver industry leading ethical hacking capabilities to continuously protect and defend CNA employees, brand, systems, and data. Red-Team is part of the InfoSec Operations organization and assists with identifying opportunities to enhance CNA's information security posture against a broad range of cyber threats, and develop strategies to most effectively address the threats.
Essential Duties & Responsibilities
Performs a combination of duties in accordance with departmental guidelines:
  • Leads and contributes to Red-Team's Tactics Techniques and Procedures (TTPs) knowledge base.
  • Demonstrates subject matter expertise of penetration testing techniques and methodologies.
  • Develops and customizes payloads specific to the environment software version or for evasion of defensive technologies related to mobile applications.
  • Performs penetration testing of infrastructure applications and related technologies (API endpoints databases payment etc.).
  • Assesses CNA's security policies standards and practices and help mature corporate security standards.
  • Assists triage and test application and/or infrastructure responsible disclosure findings and newly disclosed vulnerabilities.
  • Communicates findings attack paths and recommendations to technical non-technical and senior leadership through written reports and verbal presentations.
  • Works with technology teams to improve CNA's threat profile.
  • Works with developers to improve SDLC for applications as needed.
  • Mentors SecOps team members to develop additional depth in offensive security practices.Develops scripts tools techniques and methodologies to improve the overall ability of the team to deliver high-quality tests.
  • Employs advanced internal networks wireless networks mobile applications thick-client applications embedded applications or hardware penetration testing techniques.
  • Acts as a primary technical contact for IT and development teams to remediate findings.

May perform additional duties as assigned.
Reporting Relationship
Typically Director or above
Skills Knowledge & Abilities
  • Proficient with the common tools associated with penetration testing (Metasploit Burp Suite Cobalt Strike etc.)
  • Ability to effectively code in a scripting language (Python Perl etc)
  • Ability to work independently and function effectively as part of a team in a dynamic environment

Education & Experience
  • Bachelor's Degree in Computer Science Information Technology or related discipline or equivalent work experience.
  • Typically a minimum of ten years of information security experience (red teaming cloud security application security or network security)
  • Typically a minimum of two years of experience with threat modeling concepts and frameworks (CVSS MITRE ATT&CK DREAD or STRIDE)
  • Typically a minimum of six years of experience with scripting or compiled languages
  • Typically a minimum of six years of penetration testing experience
  • Applicable certifications preferred (OSCP OSCE OSWP CMWAPT GPEN GWAPT GMOB GAWN GXPN GCIH or CPT)

Read Full Job Description
Apply Now
By clicking Apply Now you agree to share your profile information with the hiring company.

Technology we use

  • Engineering
  • Product
  • Sales & Marketing
    • JavaLanguages
    • JavascriptLanguages
    • KotlinLanguages
    • PerlLanguages
    • PythonLanguages
    • RLanguages
    • SqlLanguages
    • jQueryLibraries
    • jQuery UILibraries
    • ReactLibraries
    • Node.jsFrameworks
    • SpringFrameworks
    • AccessDatabases
    • DB2Databases
    • Microsoft SQL ServerDatabases
    • MySQLDatabases
    • OracleDatabases
    • PostgreSQLDatabases
    • Google AnalyticsAnalytics
    • ConfluenceManagement
    • JIRAManagement
    • Microsoft ProjectManagement
    • SalesforceCRM
    • SendGridEmail
    • MarketoLead Gen

An Insider's view of CNA

How would you describe the company’s work-life balance?

Work-life balance has always been a priority for me. It always will be. CNA’s hybrid working model allows me to not only maximize collaboration with my peers but also take advantage of increased flexibility by combining remote and in-office work. I’m empowered to take control of my schedule based on what works best for me and my team.

Alison Massey

Agile Scrum Master Consultant

How do you collaborate with other teams in the company?

On the Security Advisory team, collaboration is key to what we do. We sit at a unique intersection of security goals and business objectives. By working across nearly every IT team at CNA, we balance the need for maintaining secure initiatives and keeping projects on track. It’s our job to find the best, secure path to ‘Yes’ for business requests.

Zach Jones

Director, Security Advisory

How has your career grown since starting at the company?

I joined CNA as a contractor and became a full-time employee after an eight-year contractor journey. I’m passionate about solving technical challenges and CNA allows me to foster that passion. Every day, I learn about emerging technologies. I’m empowered to develop, grow, and create a career that works for me and my lifestyle.

SenthilKumar Asokan

Applications Engineer Senior Specialist

How do your team's ideas influence the company's direction?

Enterprise Architecture creates foundations for IT expectations across CNA. I’m on a team that builds reusable IT assets, communicates best practices, and decides standards for tooling, and more. I influence CNA outside of my role, too, specifically through CNA’s Employee Resource Groups. I’m empowered to influence both IT and our culture of inclusion.

Lisa Smith

Architecture Senior Specialist

What does career growth look like on your team?

Career growth can take on many different forms at CNA, and that’s because there are always opportunities to acquire transferrable skills. On my team specifically, we’re encouraged to identify and work toward development opportunities that matter to us. We’re empowered to make a difference while advancing our careers.

Josie Lee

Director, HR Business Partner

What are CNA Perks + Benefits

CNA Benefits Overview

One of the many advantages of working at CNA is the benefits program we offer you and your eligible dependents,
beginning on the first day of your employment. The program features a variety of plans that provide health care
benefits, well-being, disability and survivor protection, and 401(k) savings, among others. Below are highlights
of the offerings.

Volunteer in local community
Partners with Nonprofits
Friends outside of work
Open door policy
Team owned deliverables
Group brainstorming sessions
Open office floor plan
Dedicated Diversity/Inclusion Staff
Diversity Employee Resource Groups
Health Insurance & Wellness Benefits
Flexible Spending Account (FSA)
Disability Insurance
Dental Benefits
Vision Benefits
Health Insurance Benefits
Life Insurance
Pet Insurance
Wellness Programs
Onsite Gym
Mental Health Benefits
Retirement & Stock Options Benefits
401(K) Matching
Company Equity
Employee Stock Purchase Plan
Performance Bonus
Match charitable contributions
Child Care & Parental Leave Benefits
Generous Parental Leave
Flexible Work Schedule
Remote Work Program
Family Medical Leave
Adoption Assistance
Vacation & Time Off Benefits
Generous PTO
Paid Holidays
Paid Sick Days
Perks & Discounts
Commuter Benefits
Some Meals Provided
Relocation Assistance
Professional Development Benefits
Job Training & Conferences
Tuition Reimbursement
Diversity Program
Lunch and learns
Cross functional training encouraged
Online course subscriptions available
Paid industry certifications

More Jobs at CNA

Apply Now
By clicking Apply Now you agree to share your profile information with the hiring company.
Learn more about CNAFind similar jobs like this