Sr Red Team Consultant

Location:

The Senior Red Team Consultant will execute and lead Red team and penetration testing. The Red team is responsible for the execution of various security tests finding and assessing security weak points, choosing appropriate attack vectors, and carrying out a controlled attack that attempts to evade detection or capture. KeyBank’s Red Team is an active threat emulation team that models real world threats and executes simulated attacks. 

Assessments include red team assessments, network and physical penetration tests, cloud, wireless tests, and 3rd party testing included in Key’s Vulnerability Management program.

This role will oversee efforts in planning, performing, and executing various security assessments for Key’s Red Team program. The candidate will bring extensive red team knowledge to further enhance KeyBank’s program.  Practical experience with Red team engagements targeting Linux, Windows, macOS, Google Cloud and Azure is necessary for success.  The senior red team consultant is expected to be able to present and communicate with senior leadership in both written and verbal formats. 

From a more general perspective, the candidate will be able to analyze and assess security risk and facilitate the development and implementation of effective compensating controls.  The senior red team member will function within the Corporate Information Security team but will ideally be effective across the entire security spectrum and able to analyze complex security issues and explain them in standard business language. 

ESSENTIAL JOB FUNCTIONS

• Ability to perform Red Team assessments across multiple technologies, including GCP and Azure.
• Work as a lead coordinating with clients and team members to execute Red Team Assessments and Penetration Assessments
• Perform and lead advanced network and physical penetration testing and complex analysis of vulnerabilities to determine risk posture and findings. 
• Produce quality written reports, presentations and documentation; incorporating findings and recommendations.  Reports should be written for appropriate audience, for example executive management.
• Works autonomously and guides work of other team members
• Strong business/financial knowledge; in-depth understanding and interpretation of security policies, leading to security best practice implementation and recommendations
• Proven relationship building skills working with mid to senior level management and cross-functional teams; strong understanding of risks; additional focus on leadership; strong interpersonal skills; delivers precise, accurate results to meet commitments; mentors’ other team members
• Collaborate with technical teams communicating and assigning findings discovered during an assessment
• Create and update documentation of processes and ongoing associated enhancements
• Provides technical security consulting support to address complex business and technology projects and requests
• Identify enhancements to tools, processes and standards
• Provide direction and act as an escalation point on projects and issues to other team members

REQUIRED QUALIFICATIONS

• Bachelor’s degree or equivalent work experience
• 6+ years with Red team or PenTest teams
• Advanced experience with common Red Team tools, including common C2 frameworks
• Experience with scripting, editing existing code, and general programming concepts using one or more of the following: PowerShell, JavaScript, Perl, Python, VB, bash, C/C++, C#, or Java
• Firm understanding of operating systems such as Windows, Linux, macOS
• Cloud computing experience such as Google Cloud, Azure
• Advanced networking experience
• Experience with attack planning and simulation
• Knowledge and understanding of MITRE ATT&CK framework and TTPs of cyber attacks
• Strong Research capabilities reporting back to the team on new topics
• Travel for site visits required

RELEVANT QUALIFICATIONS (Desirable but not required)

• Offensive Security Certified Professional (OSCP)
• Certified Red Team Professional (CRTP)
• GIAC Penetration Tester (GPEN)
• CREST Penetration Testing / CBEST Qualifications

COMPENSATION AND BENEFITS

This position is eligible to earn a base salary in the range of $92,000 to $150,000 annually depending on location and job-related factors such as level of experience. Compensation for this role also includes eligibility for short-term incentive compensation and deferred incentive compensation subject to individual and company performance.

Please click here for a list of benefits for which this position is eligible.

Key has implemented a role-based Mobile by Design approach to our employee workspaces, dedicating space to those whose roles require specific workspaces, while providing flexible options for roles which are less dependent on assigned workspaces and can be performed effectively in a mobile environment. As a result, this role may be Mobile or Home-based, which means you may work primarily either at a home office or in a Key facility to perform your job duties.

KeyCorp is an Equal Opportunity and Affirmative Action Employer committed to building a diverse, equitable and inclusive culture. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status or other protected category.

Qualified individuals with disabilities or disabled veterans who are unable or limited in their ability to apply on this site may request reasonable accommodations by emailing HR_Compliance@keybank.com.

#LI-Remote