As a Penetration Tester specialized in Red Teaming, joining our team means you will play a pivotal role in ensuring our customers' networks and underlying data is secure. Your expertise will enhance the support we provide to a wide variety of entities, including commercial enterprises and government organizations. Join us and be at the forefront of securing the data our customers rely on, while enjoying a dynamic and collaborative work culture that values innovation, growth, and teamwork.

This position operates with minimal government lead supervision supporting the Department of Defense (Navy). Our company also does commercial work outside of the DoD which occasional pull teams members based on interest and skillsets.

• Experience in participating in multi week red team security assessments or continuous operations
• Design and execute complex adversary simulations using cloud infrastructure, redirectors, and social engineering techniques. Identify and deploy attack vectors, including phishing campaigns and multi-stage attacks, leveraging cloud-based resources and redirectors to emulate real-world threat actors and evaluate the organization's defense mechanisms and/or capture security metrics
• Performs vulnerability analysis and exploitation of applications, operating systems or networks with a focus in building attack chains that have direct business impact
• Conduct in-depth analysis to identify and evaluate vulnerabilities and weaknesses within company systems
• Devises tests and scenarios for various penetration tests and Red Team activities. These will be tailored to whichever client is being supported on engagements and focus on most likely adversary TTPs, crown jewels, and potential security gaps in the client’s defense
• Documents results and communicates them to engineers and management
• Provides recommendations for new technologies and system designs according to test results
• Develops automated testing programs where possible
• Utilizes Red and Purple team assessment methodologies and adds to the methodologies as appropriate
• This position could require significant travel to client sites

Required Qualifications:

• Bachelor’s degree in related field or 5+ years of relevant experience in information technology or cybersecurity.
• Deep understanding of network protocols, configurations, security technologies, and security practices, including network security, operating system hardening, database security, and web application security for both local (on-premises) and cloud computing solutions.
• Deep understanding of common vulnerabilities and attack vectors, including experience identifying and exploiting vulnerabilities in operating systems (e.g., Windows, Linux, and macOS), network devices (e.g., firewalls, routers, and switches) and web applications and application program interfaces (e.g., SQL injection, cross-site scripting and cross-site request forgery).
• Leverage commercial and open-source tools for scanning and security testing (e.g., Nmap, Nessus, Kali Linux, Cobalt Strike, Virtualization, Burp Suite, etc.)
• Active DoD 8570 IAT Level I or greater and at least one of the following certifications in good standing: OSWA, GWAPT, GXPN, GPEN, OSCP, OSWA, OSWE
• Active DoD Top Secret clearance

Preferred Qualifications:

• Non attributional infrastructure deployment and automation
• Knowledge of MITRE ATT&CK or D3FEND frameworks
• 2+ years of recent and direct experience with Red Team security operations
• 4+ years of recent and direct experience with penetration testing and vulnerability assessments
• Comfortable using Scripting Languages preferred (must be able to read/modify scripts in Python, Ruby, Lua/NSE, PowerShell scripting languages)
• Experience emulating specific ATPs
• Full spectrum red teaming experience a plus
• Red team knowledge management and mentorship a plus

All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, age, marital status, pregnancy, genetic information, or other legally protected status

Company Description

Who We Are

Burwood Group is not your average technology consulting firm. We are an innovative, culture-driven industry leader, that helps companies use and manage technology to transform business and improve outcomes. Founded in 1997, headquartered in Chicago, we've grown to be a 200+ employee firm with team members and offices spread from Southern California to North Carolina.

Burwood fosters a culture that applauds both teamwork and personal growth. We’ve cultivated an incredible team of people who are dedicated to their craft and passionate about using their skills to impact the success of the company. Join our team and build a career as unique as you are.

• Provide design, implementation, and support expertise to clients and project teams.
• Understand customer requirements and align with technology solutions.
• Work closely with other project team members and manage and execute project level tasks and milestones.
• Mentor junior and mid-level consultants.
• Participate in business development and pre-sales activities.
• Ongoing evaluation and improvement of internal processes.
• Stay current on market trends, technologies, and best practices.

Required Qualifications

• You have a strong IT and Consulting background.
• You are able to engage at the CxO and Director/Manager levels as well as manage tasks on engagements.
• You build relationships and bring considerable value, and you have a proven record of accomplishment of exceeding customer expectations.
• You can quickly adapt to a fast-paced sales and quality-based delivery model, work in a team-based environment, and self-manage your time.
• You are dedicated to continual learning and staying current on technology to always have a point-of-view worth sharing.
• You have excellent communication skills whether that be in-person, over-the-phone, or e-mail.
• You do not mind responsibility; you are accountable for your work and dedicated to a job well done.
• You have a passion for technology and always want to learn something new.
• You are willing to travel.
• Strong understanding of network and network security architectures, solutions, processes, frameworks, and components.
• Successfully managed and executed multiple Zscaler integration projects, including remote deployment services and advanced cloud firewall configurations.
• Hands-on experience working with Palo Alto Firewalls
• Successfully managed and executed multiple firewall migration projects, including transitioning from other firewall platforms to Palo Alto, ensuring seamless integration and minimal downtime.
• Network protection including firewalls, IDS/IPS, SSL, VPN, DLP, NAC, and WAF.
• Incident response including security monitoring, network and endpoint visibility, threat management, and forensics.
• Identity management including AAA, AD/ADFS, MFA, SSO, RADIUS
• Endpoint / server / data protection including antivirus, malware protection, web/URL filtering, and MDM
• Risk / compliance including policy management, vulnerability management, log management, and change control, and security analytics / reporting (e.g., Splunk)

Preferred Qualifications

• PCSNE and/or PSE certification is a plus

The Perks

If you ask any of our employees here at Burwood “what we love,” the top answer is always the same: our culture. Our employees are driven, innovative, fun-loving, and always willing to help. In addition to that, Burwood also offers some fantastic benefits:

• 401(k) and Roth 401(k) savings plan, complete with a company match
• Generous vacation policy
• Health, dental, and vision insurance
• Life and accident insurance
• Short and Long Term Disability coverage
• Flexible work-from-home policy
• Flexible spending accounts for pre-tax healthcare and transit/parking expenses
• Access to financial planning expertise

Our Commitment to Diversity & Inclusion

We are not intent on being the largest company; but rather, the best. These are the words we live by. This means we welcome all the best talent - regardless of gender, race, ethnicity, sexual orientation, disability, religion, and age.

Being open to all cultural backgrounds, life experiences, thoughts, and ideas not only strengthens company culture but also encourages different-in-kind thinking and promotes economic success.

About this role:

Wells Fargo is seeking an Engineer who will provide direct support to Enterprise Dynamic Authorization (PlainID) and all Keep the Lights On activities for accompanying applications.

• Lead or participate in computer security incident response activities for moderately complex events
• Conduct technical investigation of security related incidents and post incident digital forensics to identify causes and recommend future mitigation strategies
• Provide security consulting on medium projects for internal clients to ensure conformity with corporate information, security policy, and standards
• Design, document, test, maintain, and provide issue resolution recommendations for moderately complex security solutions related to networking, cryptography, cloud, authentication and directory services, email, internet, applications, and endpoint security
• Review and correlate security logs
• Utilize subject matter knowledge in industry leading security solutions and best practices to implement one or more components of information security such as availability, integrity, confidentiality, risk management, threat identification, modeling, monitoring, incident response, access management, and business continuity
• Identify security vulnerabilities and issues, perform risk assessments, and evaluate remediation alternatives
• Collaborate and consult with peers, colleagues and managers to resolve issues and achieve goals

Required Qualifications

• 4+ years of information security applications and systems experience
• 4+ years of information technology applications and systems experience
• 2+ years of technical troubleshooting experience
• 2+ years of experience with RDBMS such as MS SQL and Oracle (Teradata and Mongo DB a plus)
• 2+ years of experience in IAM Solution in Role Based Access Control (RBAC), Policy Based Access Control (PBAC) and Attribute Based Access Control (ABAC)
• 2+ years of Fine-Grained Authorization experience either using a PBAC tool or through the application code.
• 2+ Years of Working experience/expertise in Tomcat
• 2+ years of Linux Shell Scripting (Red Hat 8+)

Desired Qualifications

• 2+ years of PlainID
• 2+ years of experience with Java upgrades
• 2+ Years of Working experience/expertise in Redis, OrientDB and Postgress
• 2+ years of Experience in Access Certification and Segregation of Duty (SoD)
• Knowledge and understanding of Service Now, Active Directory and Service Accounts
• 2+ years of server vulnerability remediation on Linux servers (Red Hat 8+)
• Be willing to work non-standard business hours on an on-call basis in a 24x7x365 environment
• Designs, documents, tests, maintains, and provides issue resolution recommendations for moderately complex security solutions.
• Identify and implement operational best practices and process improvements within the following functional areas: Incident Management, Problem management, Planned and unplanned Outage/Event Management, Technology Refresh, Operational Reporting, Tooling, and Application Support.
• Develop documentation for requirements, operational policies, and procedures, as well as documentation to deploy monitoring tools to the data center and application operations teams
• Drive solutions to reduce recovery times, enable high availability and support disaster recovery
• Proactively identify issue trends as they develop; analyze/predict trends, and develop a long-range plan designed to resolve problems and prevent them from recurring; maintain high service levels for the IT community
• Direct the daily risk and control flow of operations, focusing on policies, procedures, and work standards to ensure success; re-engineering and driving continual service improvement
• Develop and foster a positive relationship with on and offshore team members, internal business partners such as product management, technical leads, systems operations, and other services and support members
• Researching, diagnosing, troubleshooting system issues, and identifying solutions to resolve system issues.
• Following standard procedures for proper escalation of critical or unresolved issues.
• Develop expertise in all PlainID products and stay up to date on new features and improvements.
• Documenting best practices, procedures and creating both internal and customer facing Knowledge Base articles.
• Strong verbal, written, and interpersonal communication skills
• Ability to execute in a fast paced, high demand, environment while balancing multiple priorities
• Ability to discuss information security risks at a detailed technical level
• Ability to interact with integrity and a high level of professionalism with all levels of team members and management
• Knowledge and understanding of process design, modeling, and development
• Ability to prioritize work, meet deadlines, achieve goals, and work under pressure in a dynamic and complex environment

Job Expectations:

• Ability to travel up to 10% of the time
• This position is not eligible for Visa sponsorship
• This position offers a hybrid work schedule

Posting Locations:

• 1525 W T Harris Blvd. - Charlotte, North Carolina 28262
• 2600 S Price Rd.- Chandler, AZ 85286
• 550 S 4th St.- Minneapolis, MN 55415
• 1301 Solana Blvd - Westlake, TX 76262

Posting End Date:

26 Sep 2024

Job posting may come down early due to volume of applicants.

We Value Diversity

At Wells Fargo, we believe in diversity, equity and inclusion in the workplace; accordingly, we welcome applications for employment from all qualified candidates, regardless of race, color, gender, national origin, religion, age, sexual orientation, gender identity, gender expression, genetic information, individuals with disabilities, pregnancy, marital status, status as a protected veteran or any other status protected by applicable law.

Employees support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions. There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit's risk appetite and all risk and compliance program requirements.

Candidates applying to job openings posted in US: All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other legally protected characteristic.

Candidates applying to job openings posted in Canada: Applications for employment are encouraged from all qualified candidates, including women, persons with disabilities, aboriginal peoples and visible minorities. Accommodation for applicants with disabilities is available upon request in connection with the recruitment process.

Applicants with Disabilities

To request a medical accommodation during the application or interview process, visit Disability Inclusion at Wells Fargo.

Drug and Alcohol Policy

Wells Fargo maintains a drug free workplace. Please see our Drug and Alcohol Policy to learn more.

Wells Fargo Recruitment and Hiring Requirements:

a. Third-Party recordings are prohibited unless authorized by Wells Fargo.

b. Wells Fargo requires you to directly represent your own experiences during the recruiting and hiring process.