Director, Cyber Security Red Team

Those who join Emergent BioSolutions feel a sense of ownership about their future. You will excel in an environment characterized by respect, innovation and growth opportunities. Here, you will join passionate professionals who advance their scientific, technical and professional skills to develop products designed-to protect life.

I: Job Summary

The director Cyber Security Red Team is responsible for supporting the enterprise threat emulation and pen-testing program, which includes but is not limited to evaluating the security of the organization's IT infrastructure by continuously assessing and exploiting vulnerabilities to find out where hacking threats may lie by simulating attacks on networks, firewalls, operating systems, operational technology and web applications to identify vulnerabilities, and report the findings (This a Hands-on role).

II: Responsibilities

Develop test procedures and/or document recommendations for test plan modifications that improve validation of cybersecurity controls. Test procedures may cover a wide range of technically diverse such as but not limited to IP network discovery, password length and complexity requirements and vulnerability exploitation.

• Knowledge of APT TTPs and how to replicate their attack methodology.
• Ability to work with publicly available exploits and PoC code.
• Write penetration testing rules of engagements, test plans, standard operating procedures and reports.
• Thoroughly document exploit chain/proof of concept scenarios.
• Research and remain up-to-date with new threats and adversary emulation methodologies.
• Expertise in testing web applications for common web application security vulnerabilities including input validation vulnerabilities, broken access controls, session management vulnerabilities, cross-site scripting issues, SQL injection and web server configuration issues.
• Hands-on expertise with commercial and open-source cyber security tools such as proxies, port scanners, vulnerability scanners, exploit frameworks (ex: Burp Suite, Nmap, Metasploit, Cobalt Strike, Nexpose/IVM).
• Develop comprehensive and accurate reports and presentations for both technical and executive audiences.
• Extensive knowledge of MITRE ATT&CK Framework.
• Penetration testing experience with web applications, operating systems, network protocols, wireless, mobile, databases and middleware.
• Must be willing to travel as needed (10%)
• The position may require occasional travel to other countries.
• Develops, recommends, and enhances information risk management policies and standards, including controls, processes, and procedures to ensure that information is protected and available to the business in a timely fashion.
• Support physical security pen-tests
• Evaluate system vulnerabilities for Windows, Linux, Unix operating systems, network topologies & infrastructure devices, databases, operational technology and ensure risk remediation before and after vulnerability scans
• Work effectively with others in the Information & Technology organization, operations in support of security policies and standards.
• The above statements are intended to describe the general nature of work performed by those in this job. It is not an exhaustive list of all duties, and other duties may be assigned.

III: Education, Experience & Skills

• Bachelor's degree in technical field (Computer Science, Information Systems, Information Systems Security) or 4+ years of equivalent background and experience in cyber security
• Experience in security engineering, system and network security, authentication and security protocols, applied cryptography, and application security
• Network and web-related protocol knowledge (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
• Understanding security fundamentals and common vulnerabilities such OWASP Top Ten and CIS Critical Security Controls.
• 4-6 years of experience in a technical, professional role for an enterprise, with a minimum of 3 years in a cybersecurity vulnerability/penetration tester position.
• Knowledge of OWASP, MITRE ATT&CK, and CIS Critical Security Controls
• Ability to understand information security risks associated with vulnerability testing, patch management, and secure configuration management.
• Experience with common commercial and open source penetration tools such as Kali Linux, Burp Suite Pro, Metasploit and password cracking tools.
• The following certifications are strongly preferred:
• Offensive Security Certified Professional (OSCP)
• Certified Penetration Tester (GPEN)
• Web Application Penetration Tester (GWAPT)
• Possess planning, interpersonal, and motivational skills, able to write clearly and succinctly in technical and non-technical formats.
• Ability to speak both extemporaneously and in formal business settings.
• Experience in root cause analysis, industry benchmarking, survey evaluation and data interpretation is required.
• Have the ability to apply logic and reason to solve complex problems.
• Ability to establish and maintain multi-functional and positive working relationships.
• Advanced computer skills and proficiency.
• Strong interpersonal and networking skills with a solid ability to work in a team environment.
• Ability to work under stressful and tight deadlines as well as the ability to lead in a fast-paced environment.
• Above average computer hardware and software knowledge.
• Ability to multi-task, discerns patterns in detail.
• Think through problems for logical solutions and remain calm and professional under stress.
• Strong decision-making ability during both crisis and non-crisis situations.
• Able to work with highly confidential information.

We recognize the need for on-going skill enhancement and support continued learning through on-the-job assignments, training programs, tuition assistance, professional memberships, and professional conference attendance. We value talent, develop employees and offer promotional opportunities so our staff can achieve personal and professional growth.

There are physical/mental demands and work environment characteristics that must be met by an individual to successfully perform the essential functions of the job. This information is available upon request from the candidate.

Reasonable accommodations may be made to enable individuals with disabilities to perform all essential functions.

Emergent BioSolutions is an Equal Opportunity/Affirmative Action Employer and values the diversity of our workforce. Emergent does not discriminate on the basis of race, color, creed, religion, sex or gender (including pregnancy, childbirth, and related medical conditions), gender identity or gender expression (including transgender status), sexual orientation, age, national origin, ancestry, citizenship status, marital status, physical or mental disability, military service or veteran status, genetic information or any other characteristics protected by applicable federal, state or local law.

Information submitted will be used by Emergent BioSolutions for activities related to your prospective employment. Emergent BioSolutions respects your privacy and any use of the information submitted will be subject to the terms of our Privacy Policy .

Emergent BioSolutions does not accept non-solicited resumes or candidate submittals from search/recruiting agencies not already on Emergent BioSolutions' approved agency list. Unsolicited resumes or candidate information submitted to Emergent BioSolutions by search/recruiting agencies not already on Emergent BioSolutions' approved agency list shall become the property of Emergent BioSolutions and if the candidate is subsequently hired by Emergent BioSolutions, Emergent BioSolutions shall not owe any fee to the submitting agency.

.buttontextd24067979861e38d a{ border: 1px solid transparent; } .buttontextd24067979861e38d a:focus{ border: 1px dashed #c11d4b !important; outline: none !important; }