Are you curious to learn? Are you interested in working on meaningful projects? Do you want to work with cutting-edge technology? Are you interested in being part of a team that is working to transform and do things differently? If so, LPL Financial is the place for you!

Job Overview:

As a member of the Information Security team, the VP of Offensive Security will be responsible for overseeing and maturing the penetration testing function at LPL. This position will be focused on the development and execution of an internal penetration testing program to supplement our existing 3rd party program, with a strong focus on web application testing. This role will lead a highly technical team charged with performing penetration testing engagements to validate the security of resources across the company. Candidates are expected to perform hands-on testing as well as serve as the team lead of all the penetration testing activities and lead the overall function. The ideal candidate must possess a highly technical skillset and the ability to collaborate with stakeholders across the company to integrate penetration testing within company processes.

Offensive Security is a top area of focus at LPL. This is an exciting time to join the Information Security team as we look to build and greatly expand the current program.

Responsibilities:

- Partner with other Technology stakeholders to develop the scope and activities of the penetration testing program, including integrating penetration testing within existing company SDLC processes to enhance our ability to identify security weaknesses in applications prior to production deployment.
- Build and lead the internal penetration testing team, execute testing, and oversee the execution of all related activities.
- Conduct tactical security penetration test assessments to validate the security of company applications (web, mobile, and APIs) against OWASP Top 10 threats and work with the Application Security team to provide feedback and recommendations to increase automated capabilities.
- Perform assessments of internal/external networks, infrastructure, cloud environments, social engineering, and a wide array of internally developed and commercial products.
- Think creatively and strategically to circumvent security controls, identify vulnerabilities, and develop effective solutions.
- Stay informed on ever-emerging and fast-changing TTPs, zero-days, and remediation strategies.
- Develop/modify custom tooling to solve new needs.
- Document and formally report testing initiatives, test findings, justified risk ratings, remediation recommendations, and validation results in a clear and concise manner.
- Partner with technology teams to present security testing results, highlight the threat presented by the results, and consult on remediation guidance in a way that is easy for IT stakeholders to understand.
- Partner with the Security Operations Center to perform purple team exercises designed to validate and improve security detections.
- Develop and maintain process documentation as well as tools and scripts used in penetration testing and red team processes.
- Ensure penetration testing activities are meeting security and business objectives and outcomes by establishing metrics & key performance indicators (KPIs).
- Establish penetration testing function roadmap, lead the scoping and execution of program improvement initiatives, and communicate status to senior leadership.
- Manage the 3rd party penetration testing program by identifying vendors, overseeing vendor testing activities, and working with Sourcing to develop statement of work documentation and procure such services.
- Oversee the communication, reporting, and tracking of findings identified during testing activities, following up with remediation teams to determine status, escalating findings as needed to senior leadership, and performing retesting to validate successful closure of previously identified findings.
- Assist with the validation of issues submitted to the company’s Vulnerability Disclosure Program and Bug Bounty programs.

What are we looking for?

We want strong collaborators who can deliver a world-class client experience. We are looking for people who thrive in a fast-paced environment, are client-focused, team-oriented, and are able to execute in a way that encourages creativity and continuous improvement.

Requirements:

- 10+ years’ experience conducting application/API and network-based penetration-testing/red team engagements.
- 5+ years’ experience leading technical red team/offensive security function.
- Advanced level of knowledge with security assessment tools and frameworks, including Burp Suite, Kali Linux, Nessus, Acunetix, Metasploit, AutoSploit, Cobalt Strike, etc.
- At least one industry certification such as OSCP, OSCE, OSWE, GPEN, GCIH, GWAPT, or GXPN.

Preferences:

- Bachelor’s Degree or equivalent in Information Security, Engineering, or Computer Science.
- Experience managing information security teams.
- Advanced understanding of OWASP, the MITRE ATT&CK framework, and the software development lifecycle (SDLC).
- Advanced knowledge in programming languages (.NET, JavaScript, Python, Java, PowerShell, Perl, Ruby, Bash, etc.).
- Advanced level knowledge of Linux/Mac/Windows operating systems, AWS/Azure cloud environments, and cloud-native resources (e.g., Containers, Kubernetes, microservices, serverless functions).
- Experience with conducting reverse engineering on mobile applications, including applications with anti-emulator and obfuscation protections.
- Breadth and depth of knowledge in security of operating systems, networking and protocols, firewalls, databases, and middleware applications, forensics, scripting, and programming.
- Good communication skills and ability to work with all stakeholders, internal and external, finding, advising, and implementing the best solutions.
- Strong organization skills and people management skills.
- Insatiable curiosity for tinkering with and circumventing security features and controls.