IT - Information Technology
Estimated Travel Percentage (%): Up to 25%
Relocation Provided: No
AIG Employee Services, Inc.
The Security Analyst/Penetration Tester will be an integral part of our team and will be reporting to the Manager of Penetration Testing. He/she will be someone who would:
- Conduct manual penetration tests on a wide range of IT products, including Web Applications, Web Services, Mobile Applications, Thick Clients and Infrastructure Interfaces including AWS services
- Conduct Red Team activities against People, Process and Physical assets
- Assess the effectiveness of security tools used by our organization to defend against attacks
- Perform thorough scoping and planning before conducting penetration tests
- Manually generate proofs of concept for security vulnerabilities, prioritize the risk, present the results to the stakeholders and provide detailed remediation guidance
- Create threat models to go beyond scanning to exploit the vulnerability
- Clearly document the scope of work, attack scenarios, findings and evidence in the report
- Keep up to date with the application security trends including information security news, application security services, tools, latest breaches, patch updates, etc.
- Generate periodic metrics for the senior management and for auditors as needed
- 5 years of information security and/or penetration testing work experience preferred
- An in-depth understanding of OWASP Top 10 is required
- Have experience in Ethical Hacking - red-teaming, penetrating systems, writing reports on findings, collaborating with owners to update systems, etc.
- Extensive experience in manually identifying security vulnerabilities and in generating Proof Of Concepts
- Experience in describing security concepts to personnel of both technical and non-technical backgrounds
- Strong understanding of application frameworks and technologies including Software Development Life Cycle methodologies
- Strong understanding of information security concepts
- Professional demeanor is a must
- Excellent verbal and written communication skills required
- Problem solving and influencing
- Bachelor's Degree (or equivalent work experience) preferred
- Information security certifications CEH, CPT, GSEC, GWAPT, GPEN, CISSP, OSCP, SANS certification, etc. are preferred
- Strong scripting skills desirable
It has been and will continue to be the policy of American International Group, Inc., its subsidiaries and affiliates to be an Equal Opportunity Employer. We provide equal opportunity to all qualified individuals regardless of race, color, religion, age, gender, gender expression, national origin, veteran status, disability or any other legally protected categories.
At AIG, we believe that diversity and inclusion are critical to our future and our mission - creating a foundation for a creative workplace that leads to innovation, growth, and profitability. Through a wide variety of programs and initiatives, we invest in each employee, seeking to ensure that our people are not only respected as individuals, but also truly valued for their unique perspectives.