Vanguard, one of the world’s largestinvestment management companies and a recognized employer of choice, seeks a senior Red Team Analyst to assess and documentrisks to Vanguard’sinfrastructure by performingsecurity reviews and vulnerability testing of deployedarchitectures and configurations. The senior analyst will provide guidance to asset owners andrisk teams regarding the mitigation and acceptance ofrisks. Define technicalsecurity requirements and provide direction totechnologyteams.
The Red Team within Enterprise Security and Fraud (ES&F) will support the broader information technology and security objectives within Vanguard. The senior Red Team Analyst will help to identify vulnerabilities, test adversary TTP’s, exploit vulnerabilities before the adversary exploits them, and provide fact based feedback, risk analysis, and recommendations for improvement.
The successful candidate will drive innovation and is passionate about cybersecurity. You will part of building a world class cyber team whose primary focus is leading technical Red Team assessments.
Duties and Responsibilities
1. Builds and conducts red team and war gaming exercises to challenge Vanguard’s security strategy and effectiveness.
2. Leverages war gaming to simulate security incidents, observe Vanguard’s response across monitoring, incident, and identify enhancement opportunities.
3. Defines rules and parameters for ethical hacking of systems, software and networks to identify and mitigate potential vulnerabilities.
4. Defines simulation goals, scenarios, and select use cases.
5. Coordinates event logistics including participants, facilitators, facilities, technology, delivery preparation and white papers
6. Develops simulation materials and conduct dry-runs.
7. Develops after action reports to help justify this investment and use the results to hone strategies for the overall organization.
8. Discusses security trends with security specialists from other institutions and peer organizations.
9. Recommends change to architecture based on red team exercise results.
10. Provides thought leadership for the evolution of red team exercises and program.
11. Must be able to perform advanced exploitation methods on endpoint systems.
12. Participates in special projects and performs other duties as assigned.