Berkadia Commercial Mortgage, LLC seeks a Senior Red Team Engineer III (Ambler, PA) to:
- Manage and conduct internal penetration tests on mission-critical internal web applications, including network scanning, footprinting, fingerprinting, process enumeration, exploitation, escalation, and exfiltration.
- Document the results of all internal penetration test findings, providing evidence/POC (Proof of Concept) for each finding and how to replicate its results.
- Publish the results of internal penetration tests to our Vulnerability Management platform, track the progress of ongoing remediations, and provide technical assistance where needed.
- Build and publish reports showing: quarterly, monthly, and yearly internal penetration testing findings and remediation data; MTTR (Mean Time to Remediation) compliance metrics; applications to be tested and historical data going back 12 months; and YoY trend data for each application tested.
- Maintain the penetration testing environment, including deploying Kali Linux (or another penetration testing operating system) to a secure jump-box location within the network and maintaining it.
- Maintain and update internal penetration testing documentation, ensuring it is up to date with best practices.
- Provide quarterly updates to our CRM (Cyber Risk Management) team regarding our compliance with NIST (National Institute of Standards and Technology) pen testing frameworks.
- Lead efforts with development teams to ensure that Berkadia web applications implement all required HTTP security headers.
- Manage and maintain all WAF (Web Application Firewall) policies and updates.
- Serve as a technical subject matter expert, mentoring more junior engineers working on vulnerability remediations.
REQUIREMENTS: Bachelor's degree, or foreign equivalent, in Electronics Engineering, Computer Science, Information Technology, or closely related field. Must have (4) years of experience conducting internal penetration tests from start to end including documentation and remediations of all findings using Metasploit, BurpSuite, Kali Linux, and nmap.
Of the (4) years, must have the following:
- (2) years' experience maintaining modern cloud infrastructures in AWS and Azure environments including experience with Terraform;
- (2) years' experience in Agile development, including Python and Bash;
- (2) years' experience managing and deploying Docker container-based assets using Kubernetes;
- (2) years' experience utilizing TCP/IP networking both on-premises and in a cloud-based environment including network and web application firewall configuration.
Remote work available up to 3 days per week at employer discretion. Must live within commuting distance of Ambler, PA.