Assessments & Exercises Lead - Penetration Testing

As an Assessments & Exercises Lead in the Cyber and Tech Controls line of business, you will play a significant role in enhancing the firm's cybersecurity posture. You will utilize industry-standard assessment methodologies and techniques to proactively identify risks and vulnerabilities in people, processes, and technology. Your responsibilities will include designing and deploying risk-driven tests and simulations, evaluating controls and incident response processes, and advising cross-functional teams on security strategy and risk management. **Key Responsibilities:** - Design and execute testing and simulations such as penetration tests, adversary emulation assessments, collaborative technical controls assessments, and cyber exercises - Contribute to the development and refinement of assessment methodologies, tools, and frameworks - Evaluate controls for effectiveness and impact on operational risk, as well as opportunities to automate control evaluation - Collaborate closely with cross-functional teams to develop comprehensive assessment reports **Qualifications Required:** - 5+ years of experience in cybersecurity with exceptional organizational skills - Knowledge of US financial services sector cybersecurity practices, operations risk management processes, regulations, threats, risks, and incident response methodologies - Ability to identify systemic security issues and proficiency in multiple security assessment methodologies - Excellent communication, collaboration, and report writing skills - Strong understanding of operating systems, software vulnerability and exploitation techniques, offensive security tools, networking fundamentals, DevOps, incident response, and threat hunting - Experience in manual penetration testing and assessments against various applications The company is seeking individuals with a strong background in cybersecurity and offensive testing methodologies. Preferred qualifications include relevant industry certifications such as CISSP, CISM, or those offered by Offensive Security, CREST, or SANS, showcasing advanced expertise in cybersecurity. Technical knowledge or experience in developing proof of concept exploits, scripting languages, and security tools is highly desirable. Experience in Intelligence Community/Security Services background and knowledge of malware techniques would be advantageous. Experience with large centralized logging platforms like Splunk or Elastic is also a plus.,