Associate Director - Penetration Testing virtual remote home office

Profile

Description

We are seeking an experienced Associate Director of Penetration Testing with over 10 years of Cyber Security experience (minimum 5 years managing teams that support penetration testing and/or red team programs) to join our Enterprise Information Protection team. The candidate will lead our Penetration Testing program and drive key initiatives to increase our program maturity.

Penetration Testers carry our offensive security assessments to enumerate weaknesses, identify needed security improvements, and validate our security control effectiveness.

The Associate Director will focus on continuing to build out the teams, developing vision and strategy for penetration testing, continuously optimize capacity and efficiency of penetration testing, and partner with the CISO and other stakeholders to determine which assets to prioritize testing for.

Responsibilities

We are seeking an experienced Associate Director of Penetration Testing with over 10 years of Cyber Security experience (minimum 5 years managing teams that support penetration testing and/or red team programs) to join our Enterprise Information Protection team. The candidate will lead our Penetration Testing program and drive key initiatives to increase our program maturity.

Penetration Testers carry our offensive security assessments to enumerate weaknesses, identify needed security improvements, and validate our security control effectiveness.

The Associate Director will focus on continuing to build out the teams, developing vision and strategy for penetration testing, continuously optimize capacity and efficiency of penetration testing, and partner with the CISO and other stakeholders to determine which assets to prioritize testing for.

Primary Responsibilities

Lead a team of Penetration Testers focused on ethical hacking and simulated attacks against web, mobile, cloud and network assets.

Must have prior Kanban experience and be comfortable leading a Kanban team.

Strong engagement skills with experience discussing security requirements and issues with senior management from both the business and technology, as well as with developers and technologists.

Develop a model to support a continuous lifecycle of penetration testing that align with the business and focus on the highest risk areas of the company.

Focus on continuous process optimization and coverage to achieve capacity gains without necessarily adding more people.

Provides direction and thought leadership to enterprise-wide initiatives applying security principles such as access control, encryption, and host security as well as state of the art and emerging technologies such as cloud computing, mobile computing, and next generation architecture.

Collaborate with IT and Developers to design and implement remediation solutions.

Knowledge with tools and industry standards such as Mitre ATT&CK, PCI, SOx, NIST, HiTrust, and OWASP.

Solid knowledge and understanding of systems development life cycle (SDLC), CI/CD pipelines and Agile methodologies

Required Qualifications

Bachelor's degree in an IT-related field required; post-graduate degree is a bonus, but not required.

6 or more years of experience in or leading Threat and Vulnerability Management, Penetration Testing, or Red Teaming

2 or more years of management experience

Must be passionate about contributing to an organization focused on continuously improving consumer experiences

Location Requirements

Preferred locations are Washington D.C. or Louisville Kentucky.

Scheduled Weekly Hours

40

Company info

Humana Inc.
Website : http://www.humana.com