Penetration Testing Manager

Houston TX
February 08 2019
Insurance, Securities
Functional Area: IT - Information Technology

Estimated Travel Percentage (%): Up to 25%

Relocation Provided: No

AIG Employee Services, Inc.

Join 65,000 AIG colleagues who work together every day to make a difference around the world. Our employees exemplify our values of diversity, inclusion, and global citizenship - and in return, we offer world-class opportunities that lead to exciting careers across a broad range of disciplines. Discover who you can become at AIG.

Your future team

The Assessment and Effectiveness team is a key component of the Information Security Office (ISO). Team members serve as trusted advisors to IT and the Business, helping them effectively manage security risks. Assessment and Effectiveness colleagues consult with their constituents in determining optimal ways to develop applications and manage systems securely. They identify cyber risks and put a premium on effective design and operations. Additionally, the Assessment and Effectiveness team assists asset owners in implementing appropriate security controls. By identifying vulnerabilities across all of IT, Assessment and Effectiveness adds a critical control to the business and strengthens our endeavors.

Organizational Structure and / or Position Summary

This person will be working closely with multiple stakeholders throughout the information security organization. He/she will be responsible for evaluating the effectiveness of the entire information security function, inclusive of the organizational structure, processes, and capabilities. This position will be responsible for implementing tangible solutions and changes that demonstrate clear risk reduction. This position requires a deep understanding of business functions across the enterprise and the ability to translate technical security weaknesses in a manner that is consumable by technology-related personnel and business executives. The ideal candidate is very detail-oriented with strong written and oral communication skills.

Your contribution at AIG

As a senior team member, you will be engaged with other team members across Technology Services and the Information Security Office at AIG. Additionally, you will assist in providing direction for members of your team.

  • Research, document, and teach the latest security trends.
  • Assist leadership and your team to create and implement a framework for collecting and reporting on security metrics and maturity levels to evaluate the effectiveness of current capabilities.
  • Assist leadership and your team to create and implement a framework for reporting on security metrics that demonstrate risk reduction.
  • Assist leadership and your team to implement processes to report metrics that are meaningful to technology operations as well as business executives.
  • Work with various stakeholders to prove the effectiveness of security tools that are in operation.
  • Evaluate and improve processes to reduce cost and increase velocity of risk reductions.
  • Evaluate effectiveness of new capabilities and provide guidance on perceived future state risk education to justify cost.
  • Implement processes that leverage industry trends to include machine learning and artificial intelligence.
  • Create security project schedules and documentation as needed.
  • Perform other security-related duties as requested.

What we are looking for

  • The ideal candidate will have 5-8 years of experience in information security related positions, with 4-5 years in a Lead or Manager role preferred.
  • Ability to lead and mentor the other members of the Penetration Testing team as necessary to improve processes, procedures and the overall maturity of the program.
  • Strong understanding of application security weaknesses for various technologies including web applications, databases, and multi-tier applications.
  • Strong understanding of Cloud architecture and security controls.
  • Experience penetration testing in global environments with various legal and regulatory requirements.
  • Strong understanding of security circumvention tools and techniques.
  • Knowledge of application security testing tools such as Burp Suite, OWASP ZAP, AppScan, Responder, Metasploit, PowerSploit, etc.
  • Ability to review source code and explain mitigation controls within source code for languages including Java, C, CGI, PHP, HTML, AJAX.
  • Understanding of various application development principles with a focus on Agile software development.
  • Ability to review, modify and create scripts for automated testing techniques using languages such as Bash, Python, Go, PowerShell, etc.
  • Strong background in the mathematics of security metrics across various capabilities.
  • Understanding of how various security capabilities are designed and how they function.
  • Ability to converse with technical security staff as well as business executives.
  • Up-to-date knowledge of the security landscape pertaining to new technologies.
  • Ability to positively influence the behavior of peers and build relationships with other teams.
  • Self-starter, ability to work independently with minimal supervision and as part of a team.

  • Bachelor of Science in Computer Science, Information Systems, Software Engineering preferred, and/or relevant military or law enforcement experience.
  • CISSP, GIAC GSSP, CEH, OSCP, and/or OSCE are ideal.
  • Active or previously held Security Clearance preferred.

It has been and will continue to be the policy of American International Group, Inc., its subsidiaries and affiliates to be an Equal Opportunity Employer. We provide equal opportunity to all qualified individuals regardless of race, color, religion, age, gender, gender expression, national origin, veteran status, disability or any other legally protected categories.

At AIG, we believe that diversity and inclusion are critical to our future and our mission - creating a foundation for a creative workplace that leads to innovation, growth, and profitability. Through a wide variety of programs and initiatives, we invest in each employee, seeking to ensure that our people are not only respected as individuals, but also truly valued for their unique perspectives.