www.lyondellbasell.com manufactures products at 55 sites in 17 countries. Our products and technologies are used to make items that improve the quality of life for people around the world including packaging, electronics, automotive parts, home furnishings, construction materials, and biofuels.
This is the role
How can we protect our company from cyberthreats? And how can we contribute to security awareness within the company? Questions we ask ourselves daily, and that's where you come in.
This role will define and execute automated and manual vulnerability assessments, identify and report vulnerabilities in applications, platforms, and network components to prepare networked defenses and staff. The role is part of the Offensive Security Team and works closely with the Incident Response team as well as the application developers/owners to ensure the security and reliability of critical electronic systems.
Among the tasks and responsibilities are the following:
- Identify and mimic the tactics, techniques, and procedures of threat actors or threat groups, and the campaigns they execute against similar organizations or industries.
- Combine cyber threat intelligence with vulnerabilities to simulate relevant threats, evaluate client incident response (IR) capabilities, and help security operations teams prepare for worst-case scenarios.
- Deliver key findings and improvement suggestions to determine if systems and infrastructure are properly tooled and resourced to defend against sophisticated attackers.
- Foster security awareness culture, mentor team members, perform presentations, and demonstrate hacking techniques.
- Publish relevant security standards, practices, guidelines, and processes.
- Research and integrate tools, processes, and techniques to improve vulnerability analysis, forensics capabilities, network and data security, and threat management.
- Effectively communicate findings to stakeholders at all levels across the organization.
- Conduct research, penetration testing, and vulnerability assessments on external-facing resources and internal assets to determine risks.
- Maintain regular focus on the latest industry techniques, tools, and research; be able to develop and explain technical decisions and separate fact from opinion and speculation.
- Improve overall cyber resilience to the next level of maturity and effectiveness.
This is who you are
We are looking for a Pen-Tester who brings up-to-date know-how to the playing field and has a solid track record in cybersecurity. You are passionate about your job and thrive by solving problems. Furthermore, your advisory skills go without saying, and you have a clear way of explaining difficult problems to a broad audience. Finally, you are driven by results and want to be a contributor to improvements in the department.
This is what you bring
- Minimum Qualifications:
- BS or equivalent experience.
- 3 years of related experience with information technology, information security, and application penetration testing.
- Experience in one or more of the following: cyber operations, red teaming, exploit development, incident response/hunt, cybersecurity research and development.
- Strong written and verbal communication skills.
Preferred Qualifications:
- Knowledge of advanced cyber threats, adversary methodologies, and cyber threat intelligence.
- Experience writing code in one or more programming languages (Python, C/C++, JavaScript, Java, etc.).
- Related certifications such as the OSCP or CEH.
- 2+ years of experience in coordination and execution of web application, network, and system penetration tests with a good understanding of OWASP TOP 25.
- Knowledge of ATT&CK and its uses within the cybersecurity community (e.g., Open Source projects).
- Experience with encryption protocols (i.e., SSL/TLS) and algorithms (RSA, AES, etc.).
- Familiarity with attack emulation/penetration tools, e.g., APT Simulator and Metasploit.
- Expertise in application security including web application penetration testing and debugging and reverse engineering.
- Experience in red teaming, penetration testing, exploitation.
- Experience in incident response (hunt), blue teaming.
- A strong technical leader in the analysis of information security vulnerabilities.
- Good project management skills and familiarity with ensuring security by design inside of a System Development Life Cycle (SDLC) process.
Competencies
- Builds effective teams.
- Collaborates.
- Cultivates innovation.
- Customer focus.
- Demonstrates courage.
- Drives results.
- Ensures accountability.
- Instills trust and exemplifies integrity.
This is what we offer
We offer an environment where we encourage personal and professional growth and where you will be rewarded for your performance and results. You will have the possibility to work with specialists in all fields to develop innovative solutions and to extend your national and international network. In addition, we offer you a competitive salary package.
Interested
Please feel free to call for more details. Would you like to apply? Just send us your motivation and resume via the application button.
#J-18808-Ljbffr