The senior security engineer will support, deliver, and lead many aspects associated with the offensive security strategy. This includes guidance on the design, implementation, development, and execution of solutions to maintain and improve the security posture of our environment. This role will require advanced understanding of all aspects of information security and information technology – including policies, standards, technical procedures/processes, and regulatory requirements. The solutions shall be designed to mitigate and/or reduce business exposure to information security threats.

This will be accomplished by executing on the following key strategies:

Penetration Testing: Security Testing of applications and infrastructure from an adversary view.

Responsible Disclosure: Managing the communication path with security researchers (AKA Ethical Hackers) to report cyber security issues to Assurant.

Bug Bounty: Work with upper-tier security researchers to find cyber security issues at Assurant and provide compensation for notable findings uncovered via paid bounties.

Attack Surface Analysis: Discover critical misconfigurations and obsolete infrastructure, improve our security posture, and improve Assurant’s cyber security business rating.

Adversary Simulations: Use of adversary tradecraft to attempt to uncover attack paths that could be used to compromise critical controls and to test our resilience against various types of cyber-attacks.

Critical Controls Testing: Perform testing of critical controls as requested by the Senior Management Team.

Previous Experience:

7+ years of experience in the field of IT, information security, security engineering, security event monitoring, incident response, eDiscovery forensic, infrastructure administration, compliance, security administration, audit and/or risk.

Professional certification(s) in Information Security.

CompTIA Security+

GIAC Security Essentials

Certified Security Analyst (ECSA)

Certified Ethical Hacker (CEH)

Certified Red Team Operator (CRTO)

Offensive Security Certified Professional (OSCP)

Certified Information Systems Security Professional (CISSP)

Confirmed 20 hours ago. Posted 17 days ago.
