From smartphone capabilities like Digital Key to connected rooms that allow for integrated entertainment, temperature and lighting controls, Hilton's Global Technology team builds the hospitality experience of the future - for our guests, owners and Team Members. Through innovative technology development and deployment, this team ensures Hilton has the technology needed to support our continued global growth while remaining at the forefront of hospitality technology innovation.
What will I be doing?
As the Senior Lead Cyber Assessor Penetration Tester, you will be executing penetration, vulnerability, and security assessments across a variety of COTS and custom applications and platforms. The scope of your work will include performing security penetration testing in various environments, simulating real-world cyber-attack scenarios against technologies related to hospitality and lodging, and conducting a security red team exercise. You will provide actionable recommendations and mentorship for clients based on your assessment findings.
More specifically, you will:
- Perform security penetration testing in various environments, simulate real-world cyber-attack scenarios against a plethora of technologies related to hospitality and lodging, as well as successfully conduct a security red team exercise.
- Provide actionable recommendations and guidance for clients based on the assessment findings.
- Learn and execute on any client requests and form positive partnerships with customer staff in structured and unstructured situations.
- Present the results of penetration tests to client partners to include senior or executive leadership.
- Use your solid grasp and deep understanding in Information Technology and security vulnerabilities to simulate threat modeling and attack scenarios.
- Utilize your experience ranking vulnerabilities based on context and possible impact.
What are we looking for?
We are seeking problem solvers who are passionate about growing market share in a dynamic industry and who love to combine their analytical skills with business insight. We believe success in this role will demonstrate itself through the following attributes and skills:
- Motivated Self-Starter with "Can do" attitude that takes initiative and has the ability to spin up quickly on technologies, challenging opportunities, topics, and advances in the cybersecurity field that require ongoing learning and self-training
- Good interpersonal, verbal, and written communication skills to successfully accomplish client-facing interactions and presentations to positively influence Hilton's partners
- Experience with multiple Information Security domains: Cyber Architecture, Endpoint Protection, Network Security, Infrastructure Security, Application Security, Database and Platform Security, Identity and Access Management, Policy and Governance, Cloud Security, RFID, BLE, Encryption, Penetration Testing, Vulnerability Scanning and Management, and Compliance and Risk Management
- Deep understanding of the cyber threat landscape to include Advanced Persistent Threats, Cyber Crime, Hacktivism; specifically, the tactics, techniques and procedures they apply to a cyber-threat
- Solid grasp of attack method types and their usage in targeted attacks such as phishing, malware implantation, perimeter vulnerabilities, application vulnerabilities, lateral movement, etc.
- Previous experience with penetration testing processes, tools, and technologies and extensive knowledge of standard methodologies regarding their implementation
- Deep understanding of global regulatory and legislative cybersecurity and privacy requirements like HIPAA, GDPR, SOX, PCI, etc.
- Previous experience working with the Kill Chain, Diamond Model of Intrusion, and similar frameworks and concepts
- Knowledge of industry research and standard methodologies in penetration testing and red teaming
- Solid skills in various operating systems and enterprise platforms to include: Windows, Linux/Unix, Mac OS, iOS, Android, Active Directory, .Net framework, Oracle business products, SAP, etc.
- Previous experience with tools such as Qualys, Rapid7, Checkmarx, Burp Suite, Black Duck and SD Elements
- An aptitude for effectively addressing any issue in collaboration with others
To fulfill this role successfully, you must possess the following minimum qualifications and experience:
- Five (5) years of professional experience in the Information Technology/Information Security industry
- Two (2) years of professional experience in IT-related penetration testing activities
- Experience with execution of a variety of penetration testing assessments and vulnerability assessments to include network penetration testing, web application penetration testing, RF and RFID, Bluetooth, Zigbee, mobile device penetration testing, IoT testing as well as physical and social engineering exercises
- Experience developing vulnerability reports with detailed finding descriptions, test case reproduction steps, and prioritized recommendations
- Cyber security certifications such as CISSP, CEH, GCIA, OSCP & OSCE
- Ability to travel up to 25%
It would be advantageous in this position for you to demonstrate the following capabilities and distinctions:
- BA/BS Bachelor's Degree
- Consulting experience (internal or external)
- Prior experience working on a security Red Team or other technical security assessment team
- Prior experience leading a successful penetration testing program for a large organization
- Prior experience conducting social engineering and client-side threats
- Strong Kali Linux platform knowledge and skill working with standard penetration testing tools for discovery, vulnerability assessments, exploitation, post exploitation and social engineering