JerseyCityRecruiter Since 2001
the smart solution for Jersey City jobs

VP - Head of Vulnerability Assessments - Red Team / Penetrat

Company: BNP Paribas
Location: Jersey City
Posted on: April 5, 2021

Job Description:

VP - Head of Vulnerability Assessments - Red Team / Penetration Testing

BNP Paribas is a leading bank in Europe with an international reach. It has a presence in 72 countries, with more than 202,600 employees, of which almost 155,000 in Europe. The Group has key positions in its three main activities: Domestic Markets and International Financial Services (whose retail-banking networks and financial services are covered by Retail Banking & Services) and Corporate & Institutional Banking, which serves two client franchises: corporate clients and institutional investors. The Group helps all its clients (individuals, community associations, entrepreneurs, SMEs, corporates and institutional clients) to realize their projects through solutions spanning financing, investment, savings and protection insurance.

In Europe, the Group has four domestic markets (Belgium, France, Italy and Luxembourg) and BNP Paribas Personal Finance is the European leader in consumer lending. BNP Paribas is rolling out its integrated retail-banking model in Mediterranean countries, in Turkey, in Eastern Europe and a large network in the western part of the United States. In its Corporate & Institutional Banking and International Financial Services activities, BNP Paribas also enjoys top positions in Europe, a strong presence in the Americas as well as a solid and fast-growing business in Asia-Pacific.

The Vulnerability Assessments (VA) Team is the offensive security arm of BNPP Cyber Security. The team is responsible for managing the Penetration Testing and Red Team Assessments program. The Vulnerability Assessments (VA) Team performs global intelligence-led exercises against people, process, and technology. The Red Team challenges the organization to improve the effectiveness of Cyber Security by conducting exercises using the same Tactics, Techniques and Procedures (TTPs) as real adversaries.

To be successful in this role, candidates are expected to act as subject matter experts in offensive security with a proven track record in exploitation, escalation of privileges, and lateral movement.

Candidate Success Factors: Candidates will be measured on the following four performance drivers which will dictate how individual impact is considered on the Americas platform:

  • Results and Impact
  • Leadership and Collaboration
  • Client, Customer and Stakeholder Focus
  • Compliance Culture and Conduct

Responsibilities:

  • Proven thought leader with a vision for building and operating a world class Offensive Security program.
  • Experience in leading and directing a team of highly technical Red Team & Penetration Testing professionals.
  • Ability to present to and interact with executive management.
  • Develops, manages, and oversees offensive cybersecurity tests to validate the completeness and effectiveness of cybersecurity controls.
  • Manages vendor contracts, relationships, and staff for the execution of cybersecurity tests.
  • Designs, builds, and improves the technical infrastructure necessary to perform cybersecurity testing by both in-house and outsourced penetration testers who are executing either remotely or onsite.
  • Assist infrastructure and application owners in validating their remediation efforts for findings resulting from offensive cybersecurity tests.
  • Lead penetration testing and red team assessments.
  • Lead, plan, and execute all Social Engineering simulations.
  • Analyze cyber intelligence and design attack models for use against the organization.
  • Testing of the overall security of critical infrastructure components and applications to ensure they comply with internal policies, security architecture best practices, and industry standards.
  • Supporting Purple Team operations.
  • Reporting information security vulnerabilities to businesses and vendors.
  • Act as thought leaders for addressing new security challenges such as IoT, cloud, robotics, and artificial intelligence.
  • Conduct vulnerability assessments and penetration tests (application and/or infrastructure) and articulate security issues to technical and non-technical audience.
  • Identify, research, and validate known and unknown exploits on cyber infrastructure.
  • Work closely with the Blue Team to identify gaps, address findings, and improve breach response.
  • Act as advisors for the Blue Team during major events and hunt activities.

Minimum Required Qualifications:

  • Strong problem solving and analytical skills, verbal and written communication skills.
  • Excellent interpersonal skills and the ability to work effectively with others as a team.
  • Ability to work independently and effectively manage and prioritize multiple tasks.
  • Solid understanding of IT security concepts with an emphasis on Security and Risk Assessment.
  • Knowledge and experience with law and regulations surrounding the financial services sector.
  • Advanced user of Microsoft Excel, Microsoft Word and Microsoft PowerPoint.
  • Excellent understanding of networking concepts and Information Security, including emerging threats and attack methodologies.
  • Demonstrable understanding of Information Technology principles, including software, hardware, and networking.
  • A broad understanding of all areas of banking and the threats faced by the financial sector.
  • Strong ability to analyze threat actor TTPs at a highly detailed and technical level, examine and develop the controls, lead and execute tests of those controls using penetration testing and red team techniques.
  • Conducting adversary emulations and penetration testing (application and/or infrastructure) and articulating security issues to technical and non-technical audience.
  • Identifying, researching, validating, and exploiting various different known and unknown security vulnerabilities on server and client side.
  • Conducting Purple Team Testing.
  • Creating metrics to establish value to senior management.
  • Define cyber KPIs.
  • Knowledge of Vulnerability Assessment tools, e.g. Nessus, Qualys, etc.
  • Strong familiarity with at least one major pen testing framework (MITRE ATT&CK, CBEST) and the ability to self-learn new frameworks as required.
  • Knowledge of Exploitation frameworks, e.g. Metasploit, CANVAS, Core Impact.
  • Knowledge of Post-Exploitation Frameworks: Cobalt Strike, SILENTTRINITY, Covenant, Faction, Merlin, APfell, Red Team Toolkit, Voodoo.
  • Social Engineering campaigns, e.g. email phishing, phone calls, SET.
  • Deep understanding of OSI model.
  • Security devices, e.g. Firewalls, VPN, AAA systems.
  • Understanding of common protocols, e.g. LDAP, SMTP, DNS, Routing Protocols.
  • Knowledge of Web development and programming languages i.e. Python, Perl, Ruby, Java, and/or .Net.
  • Reporting information security vulnerabilities to businesses.

Preferred Qualifications:

  • Bachelor degree in Computer Science or Engineering (relevant concentration preferred) with 10-15+ years of experience preferably within a pen test or red team function in the financial sector; or a Graduate Degree (Masters) in MIS.
  • Information Security certifications (e.g., CISSP, CISA, CISM, SANS coursework).
  • SharePoint administration and document management.
  • Understanding of the Tactics, Techniques, and Procedures of cyber threat actors.
  • Understanding of geo-political dynamics and how they affect the wider cyber threat landscape.
  • Experience working with the Kill Chain, Diamond Model of Intrusion and similar frameworks and concepts.
  • Excellent writing and presentation skills to communicate findings and recommendations to different audiences and stakeholders.

FINRA Registrations Required: N/A

BNP Paribas is committed to providing a work environment that fosters diversity, inclusion, and equal employment opportunity without regard to race, color, gender, age, creed, sex, religion, national origin, disability (physical or mental), marital status, citizenship, ancestry, sexual orientation, gender identity and gender expression, or any other legally protected status.

Primary Location: US-NJ-Jersey City
Job Type: Standard / Permanent
Job: MISCELLANEOUS
Education Level: Bachelor Degree or equivalent (>= 3 years)
Experience Level: Not Indicated
Schedule: Full-time
Reference: INF000454
