Share this Job

Cyber Threat Hunter & Penetration Tester

Date Posted: Oct 29, 2020

Location: Cary, NC, US, 27513

Company: MetLife

<span style="font-family:"Times New Roman",serif"><span style="font-family:"Arial",sans-serif">Role Value Proposition: 

<span style="font-family:"Times New Roman",serif"><span style="font-family:"Arial",sans-serif">The Global Application Security team in MetLife’s IT Risk & Security organization plays a critical role in ensuring the security of MetLife’s applications assets while protecting customer and MetLife data. Application security is a top area of focus at MetLife. We have incorporated key industry security best practices, technologies and integrated operating models to further strengthen our defense posture. This is an exciting time to join MetLife’s Global Application Security team as we are continuing to expand the team and invest in new capabilities. The Cyber Security Threat Hunter + Penetration Tester will assist leadership on a variety of application security focused initiatives and promote close collaboration with key global stakeholders. This is a hands-on technical role. 

<span style="font-family:"Times New Roman",serif"> 

<span style="font-family:"Times New Roman",serif"><span style="font-family:"Arial",sans-serif"> Key Responsibilities: 

  • <span style="font-family:"Times New Roman",serif"><span style="font-family:"Arial",sans-serif">Support MetLife’s global application security program, initiatives and activities with a primarily focus on discovering, documenting, assessing and reporting Cyber Security threats to the organization. 
  • <span style="font-family:"Times New Roman",serif"><span style="font-family:"Arial",sans-serif">Implement Application/Website inventory controls to support continuous monitoring of MetLife’s attack surface, identify threats, prioritize remediation and report potential risks to the organization.  
  • <span style="font-family:"Times New Roman",serif"><span style="font-family:"Arial",sans-serif">Maintain knowledge of adversary Tactics, Techniques and Procedures (TTP), assess critical cybersecurity incidents and review detective/preventive controls across each stage of the Cyber Kill Chain. 
  • <span style="font-family:"Times New Roman",serif"><span style="font-family:"Arial",sans-serif">Develop internal knowledge base, application inventory asset mapping, threat metrics, remediation progress tracking and MITRE ATT&CK patterns. 
  • <span style="font-family:"Times New Roman",serif"><span style="font-family:"Arial",sans-serif">Perform Web Application Ethical Hacking, threat assessments, Web Services penetration testing (RESTful and SOAP) using both automated and manual techniques. 
  • <span style="font-family:"Times New Roman",serif"><span style="font-family:"Arial",sans-serif">Utilize excellent communication and strong presentation skills with the ability to present threats/risks to Non-Technical audiences (in a business context). 

<span style="font-family:"Times New Roman",serif"> 

<span style="font-family:"Times New Roman",serif"><span style="font-family:"Arial",sans-serif"><span style="font-family:"Arial",sans-serif">Essential Business Experience and Technical Skills: 

<span style="font-family:"Times New Roman",serif"><span style="font-family:"Arial",sans-serif"> Required: 

  • <span style="font-family:"Times New Roman",serif"><span style="font-family:"Arial",sans-serif">1+ year of proactive experience in one or more of the following roles: Ethical Hacker, Cyber Threat Analyst/Hunter, SOC Analyst/Consultant or Application Security Vulnerability Management. 
  • <span style="font-family:"Times New Roman",serif"><span style="font-family:"Arial",sans-serif">5+ years of general experience in Information Security (Application Security Testing or Vulnerability Management) 
  • <span style="font-family:"Times New Roman",serif"><span style="font-family:"Arial",sans-serif">Must be highly analytical, articulate, excellent communication and strong presentation skills with the ability to present threats/risks to Non-Technical audiences (in a business context). 
  • <span style="font-family:"Times New Roman",serif"><span style="font-family:"Arial",sans-serif">Hands on experience assessing Cyber Security threats, threat actors, trends in adversary activities, attack vectors, emerging industry risks and effective application/website security countermeasures.  
  • <span style="font-family:"Times New Roman",serif"><span style="font-family:"Arial",sans-serif">Emulate adversary tactics, techniques, and procedures (TTPs) to validate security controls efficacy and continuous threat monitoring of MetLife’s global attack surface. 

<span style="font-family:"Times New Roman",serif"><span style="font-family:"Arial",sans-serif">Preferred: 

  • <span style="font-family:"Times New Roman",serif"><span style="font-family:"Arial",sans-serif">GIAC Penetration Tester (GPEN), GIAC Certified Incident Handler (GCIH), GIAC Certified Forensics Analyst (GCFA), Certified Ethical Hacker (CEH), Offensive Security OSCP, OSWE or OSCE certifications 
  • <span style="font-family:"Times New Roman",serif"><span style="font-family:"Arial",sans-serif">Bachelor’s degree in IT or security related field 
  • <span style="font-family:"Times New Roman",serif"><span style="font-family:"Arial",sans-serif">Prior experience in application development (including Mobile), SDLC processes and source code security testing (code quality assurance) preferred 

<span style="font-family:"Times New Roman",serif"> 

<span style="font-family:"Times New Roman",serif"><span style="font-family:"Arial",sans-serif">Business Category 

<span style="font-family:"Times New Roman",serif"><span style="font-family:"Arial",sans-serif">IT Risk & Security - Application Security 

<span style="font-family:"Times New Roman",serif"> 

<span style="font-family:"Times New Roman",serif"><span style="font-family:"Arial",sans-serif">Number of Openings 

<span style="font-family:"Times New Roman",serif"><span style="font-family:"Arial",sans-serif">

<span style="font-family:"Times New Roman",serif">  

<span style="font-family:"Times New Roman",serif"><span style="font-family:"Arial",sans-serif">At MetLife, we’re leading the global transformation of an industry we’ve long defined. United in purpose, diverse in perspective, we’re dedicated to making a difference in the lives of our customers. 

MetLife:

MetLife, through its subsidiaries and affiliates, is one of the world’s leading financial services companies, providing insurance, annuities, employee benefits and asset management to help its individual and institutional customers navigate their changing world. Founded in 1868, MetLife has operations in more than 40 countries and holds leading market positions in the United States, Japan, Latin America, Asia, Europe and the Middle East.

 

We are one of the largest institutional investors in the U.S. with $600 billion of total assets under management as of December 31, 2019. We are ranked #44 on the Fortune 500 list for 2019. In 2019, we were named to the Dow Jones Sustainability Index (DJSI) for the fourth year in a row. DJSI is a global index to track the leading sustainability-driven companies.

 

MetLife is committed to building a purpose-driven and inclusive culture that energizes our people. Our employees work every day to help build a more confident future for people around the world.

 

We want to make it simple for all interested and qualified candidates to apply for employment opportunities with MetLife.  For further information about how to request a reasonable accommodation, please click on the Disability Accommodations link below.

 

MetLife is a proud Equal Employment Opportunity and Affirmative Action employer dedicated to attracting, retaining, and developing a diverse and inclusive workforce. All qualified applicants will receive consideration for employment at MetLife without regards to race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity or expression, age, disability, national origin, marital or domestic/civil partnership status, genetic information, citizenship status, uniformed service member or veteran status, or any other characteristic protected by law.

 

MetLife maintains a drug-free workplace.

 

Requisition #: 115390

 


Nearest Major Market: Raleigh