Location: New York, NY, USA
At Northwestern Mutual, we are strong, innovative and growing. We invest in our people. We care and make a positive difference.
Principal Accountabilities:
The principal accountability of a Sr. Penetration Tester is to secure the data and information systems of Northwestern Mutual and its policy owners. While pen testers think like an attacker, they will always act with integrity and never abuse their privileges. All work is in service of two primary internal customers:
(1) the Business Owners accountable for the people, processes, and technologies in the organization, and (2) the Blue Team accountable for logging, monitoring, and incident response.
The Sr. Penetration Tester serves the Business Owners by identifying, assessing, and responsibly reporting all vulnerabilities discovered throughout the organization. The primary goal is a focus on risk mitigation – allowing for business continuity, but without negligent risk.
The Sr. Penetration Tester serves the Blue Team by simulating threats against which they can engineer detection rules and validate monitoring, alerting, and response capabilities. This partnership happens in an open, knowledge-sharing environment to facilitate timely detection of existing gaps and new attack techniques.
Essential Job Duties:
Penetration Testing: The Senior penetration tester will be accountable for working independently with cross-functional teams to serve as the subject matter expert in the security testing space and independently performing web, mobile, cloud, and network penetration tests in an enterprise environment.
Red Team: Accountable for assisting in the design and implementation of red team exercises including independently leading components of the exercise.
Purple Team: The Senior Penetration Tester will play an active role in the team's purple team program and activities including designing, organizing, and executing purple team engagements and automation.
Leadership: The Senior Penetration Tester is a leader within the Security Testing team with the expectation to guide and mentor more junior members. This includes overseeing the testing performed by junior testers, mentoring their technical educational activities, and freely sharing knowledge and testing techniques.
Infrastructure & Automation: Accountable for building, managing, and maintaining security tools and infrastructure that support the security testing team. Focus on designing and implementing automation to aid the team in creating efficiencies for both security testing and threat simulation.
Security Research: Accountable for regularly monitoring the security community for, and researching, the latest assessment and exploit methodologies. This phase of the work is concluded by sharing the information back to the team in the form of newly written tools and/or attack techniques via informal internal training sessions.
Test Coordination: Accountable for coordinating with internal team members to ensure that scheduled tests include all information needed to perform a successful penetration test.
Reporting: Accountable for preparing and delivering the highest quality security information that comprehensively and clearly explains risk, demonstrates findings, and offers tactical and strategic recommendations to both technical and non-technical internal clients.
Communication: Effective and professional communication of a variety of topics, including technical and non-technical information, to a wide variety of internal and external customers including leadership from across the organization.
Bug Bounty: Accountable for high-level management of the bug bounty program, including validation of bug submissions.
Ad Hoc Incidents: Accountable for working with security architects, the security operations center, incident responders, technology infrastructure, and development teams, as necessary.
Metrics: Accountable for working with select team members to track, monitor, and report testing results in a meaningful way so that risk-based security metrics are delivered to the enterprise.
Training: Attend training to stay current with technology and security trends. Perform other duties as assigned.
Requirements:
Desirable:
Experience Requirements:
Our Benefits!
Compensation Range:
Pay Range - Start: $110,040.00
Pay Range - End: $204,360.00
Northwestern Mutual pays on a geographic-specific salary structure and placement in the salary range for this position will be determined by a number of factors including the skills, education, training, credentials and experience of the candidate; the scope, complexity as well as the cost of labor in the market; and other conditions of employment. At Northwestern Mutual, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case. Please note that the salary range listed in the posting is the standard pay structure. Positions in certain locations (such as California) may provide an increase on the standard pay structure based on the location. Please click here for additional information relating to location-based pay structures.
Job Posting End Date:
The timeline for this job posting may be shortened or extended based on organizational needs.
Grow your career with a best-in-class company that puts our clients' interests at the center of all we do. Get started now!
We are an equal opportunity/affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender identity or expression, sexual orientation, national origin, disability, age or status as a protected veteran, or any other characteristic protected by law.
If you work or would be working in California, Colorado, New York City, Washington or outside of a Corporate location, please click here for information pertaining to compensation and benefits.