Red Team Engineer » EltasJobs

To all recruitment agencies: TD Ameritrade does not accept agency resumes. Please do not forward resumes to our job alias, TD Ameritrade employees or any other company location. TD Ameritrade is not responsible for any fees related to unsolicited resumes.

The TDA Security Risk Management (SRM) Group, under the leadership of the Chief Information Security Officer (CISO), is tasked to protect information assets in support of TDA business objectives and in conformity with TDA policies. The Vulnerability and Threat Management (VTM) Team is a core function of SRM and is tasked with continually improving the security posture of TDA through the analysis of vulnerability and threat data, responding appropriately to the results of such analysis, providing security-related guidance, developing security policies and evangelizing security matters throughout the company. The VTM Engineer reports to the VTM Manager to identify, classify, remediate and mitigate security risks and vulnerabilities. Primary responsibilities include threat management, data analysis, and security testing.

Well qualified candidates for this position will demonstrate the following key traits:
1. Expertise and keen interest in emerging information security trends and technologies
2. Prior experience leading Red Team Exercises & Penetration Testing engagements
3. Ability to positively influence the behavior of peers and build relationships with other teams
4. Excellent verbal & written communication skills
5. Financial Services background; knowledge of trading platform process and technologies

Well qualified candidates will also demonstrate expertise in the following technical areas:
1. Vulnerability Scanning and Penetration Testing (network, operating system, and application layers)
2. Experience with the following technologies: Intrusion Prevention, Web Application Firewall, Vulnerability Management, and Advanced Malware Detection.
3. Understanding of common system & application vulnerability classes
4. Expert-level knowledge of major technology platforms (e.g. Microsoft Windows, Red Hat Linux, Cisco IOS)
5. Advanced scripting & exploit development (e.g. Python, Ruby, Powershell, C++)

Review intelligence reports, vulnerability documentation, and other sources of relevant information to design & construct test plans.
Conduct red team & penetration testing exercises
Create reports and testing documentation to aid in corresponding post action
Build custom tools and scripts to enable targeted testing.
Create & maintain red team documentation library and develop best practices
Test, implement, operate, and develop appropriate testing tools
Stay current on latest cyber offensive testing tools and methodologies
Provide timely testing reports to key stakeholders
Research & develop recommendations for impacted teams to act on red team findings
Support other members of the Vulnerability & Threat management team with related tasks

Bachelor’s degree in a related field and/or a minimum of 5 years of equivalent experience.
5+ years of experience in performing penetration tests & red team exercises
10+ years of Information Security experience overall
Knowledge of standard vulnerability & exploit framework (ex: CVSS, OWASP Top 10)
Experience engineering or securing multiple platforms and operating systems
Expertise of industry standard threat and vulnerability controls
Solid understanding of network design and architecture
Ability to write clearly and concisely in both technical & executive formats
Working knowledge of scripting and binary reverse engineering
An understanding of security frameworks: ISO 2700X, NIST, CIS
4 year college degree
Military education or experience may be considered in lieu of civilian requirements listed