The Team
At Aflac Northern Ireland, we are building a diverse, multi-function Cyber Security Team to support our Global Security Program protecting our customers in the US & Japan. The Aflac NI Security Team has taken ownership of key components of the security program and are integrating with the Global Security Team to strengthen existing functions and build new capabilities.
When customers come to us in their time of need, they require secure, resilient systems to manage their policies, so it is critical that our infrastructure and applications are protected. As a widely recognised Fortune 500 company, Aflac’s brand is one of its most valuable assets and protecting its reputation is of utmost importance. The Aflac NI Security Team has been formed to bring subject matter expertise, thought leadership and innovative problem-solving techniques to enhance capabilities in support of the Aflac Global Security Strategy.
Aflac relies on their xRed Team to find a myriad of vulnerabilities across network, application, mobile, cloud, wireless and other assessments. Working as part of the Aflac Northern Ireland Cyber Security Team and within Aflac Global Security, you will plan, lead and execute penetration testing operations. You will help direct the threat hunt strategy and activities supported by a team of highly skilled professionals.
The intention is for our teams to continually adapt and reinvent their skills and capabilities over time as technologies change and evolve. We provide the right challenges and opportunities to enable your success; you to bring your enthusiasm and the ability to learn quickly.
The Role
Aflac NI is in search of an experienced Penetration Tester to lead our growing Belfast based xRed Team. We are looking for a passionate, naturally curious individual who is keen to make an impact at a Fortune 500 company. Working as the xRed Team Lead, you will be instrumental in planning and executing penetration testing engagements of strategic importance, as well as more specific offensive scenario driven operations.
We are looking for someone who is comfortable in both a leadership and practitioner capacity; allowing you to get hands on with testing but also ensuring the team has clear direction, has the tools they need and are enabled to perform. We are working hard on building one of Belfast’s most adaptable, talented and diverse line-up of people and we only want to work with the best who will assist with maintaining and growing the Aflac Northern Ireland Security Team’s reputation within the company and beyond.
(Some of) what you will be doing:
• Develop and oversee the execution of the team’s penetration testing and threat hunting strategy.
• Maintain responsibility for executing tests, reporting findings, creating and configuring tools, and maintaining testing platforms.
• Perform automated and manual hands-on cyber penetration security testing, including identifying security risks within applications, security controls, and network infrastructure.
• Take on people leader responsibilities for the Aflac Northern Ireland xRed Team, using your own experience to model the skills and behaviour necessary to be a fantastic penetration tester.
• Use your technical knowledge to give expert feedback to team members to support them in solving complex problems and making technical decisions.
• Ensure the team constantly ramps up and understands new designs, systems, and technology, with a particular emphasis on knowledge of Aflac’s external points of presentence and risks associated with them.
• Identify and encourage areas for growth, education, and career development for your team.
• Lead comprehensive assessments of features and large-scale applications and environments, including mapping out the surface area and assessing prioritisation based on time, resource, and general importance tradeoffs.
• Lead targeted operations (planning, scoping, approval, reconnaissance & discovery, execution of attacks, pivoting, persistence, and remediation)
• Work directly with the business and project teams to understand their roadmaps so that new points of presence and technologies are accounted for and tested as they are deployed to production.
• Brief management and technical resources on new exploits, internally discovered vulnerabilities and likely attacker tactics against all Aflac environments.
• Communicate with information technology and development teams on integrations and automation for penetration testing tools
• Research emerging technologies and attack vectors.
What we are looking for (don’t worry if you don’t have it all):
Essential
• Bachelor’s degree in computer related discipline and/or 5+ of experience in penetration testing or related information security fields.
• Proven experience in penetration testing methodologies and toolsets.
• Advanced knowledge of automated penetration testing tools and integrations.
• Advanced knowledge of evasion strategies for multiple security technologies (IDS/IPS, WAF, AV, etc.)
• Ability to maintain own tools and testing infrastructure for assessing a range of environments.
• Ability to clearly convey threat hunt results in formal technical reports and deliver briefings to stakeholders at all levels.
• Proven leadership experience and the ability to create and communicate a vision that inspires others.
• Passion for coaching and mentoring talent, empowering individuals to think differently in how they approach and solve problems.
Desirable
• Penetration testing certifications like (GPEN, GXPN, OSCP, OSCE, CEH, CREST etc.)
• Experience with programming using one or more of the following: Perl, Python, ruby, bash, C or C++, C#, or Java, including scripting and editing existing code.
• Advanced knowledge of penetration testing processes in cloud environments.
• 4+ years of demonstrable experience with executing Web application, network, and system penetration tests.
• Experience with leveraging Open Source penetration testing tools, including Metasploit and the Kali Linux tool set.
• Knowledge of open security testing standards and projects, including OWASP.
• Proven ability to assist remediation efforts for discovered vulnerabilities.
• Experience mentoring / coaching junior team members.
• Experience setting up and presenting demo events to a technical audience.
Aflac Northern Ireland is an Equal Opportunities employer
