Job Information
MetLife Red Team Analyst in Cary, North Carolina
Role Value Proposition:
Under the direction of the Red Team Lead, the Red Team Analyst will help develop and perform various Red Team activities and exercises along with a series of periodic penetration tests. The Red Team Analyst will provide subject matter expertise across multiple areas related to continuously enhancing MetLife's security posture. This role will also require advanced analytical and communication skills in order to efficiently interact with global stakeholders and provide input to drive effective remediation across the organization.
Key Responsibilities:
Perform network penetration and web application testing, social engineering assessments, and red team assessments.
Familiar with and safely able to use various attacker tools, techniques, and procedures.
Assist with scoping prospective engagements, engagements from kickoff through remediation.
Build and coordinate Red Team exercises and initiatives with internal stakeholders from inception to closure. Perform the assessments using manual and automated techniques.
Simulate sophisticated attacks based on their TTPs mapped to the MITRE ATT&CK
Simulate sophisticated attacks through social engineering, electronic and physical testing, and defensive control evasion.
Develop comprehensive reports, and presentations on Red Team activities and findings for technical and executive stakeholders.
Document Red Team processes, tactics, techniques, and procedures.
Qualifications
Required Qualification:
Bachelor's degree in computer science, information systems or related field, or equivalent work experience.
At least 2+ years of Red Team experience.
At least 4+ years of experience in the penetration testing area, including:
Strong experience in Network, web application, and infrastructure penetration testing
Proficiency with one or more scripting languages such as Python, PowerShell, and Bash to automate simple tasks.
Experience modifying exploits and using exploit tools.
Strong knowledge of Unix/Linux/Mac/Windows operating systems, including bash and PowerShell.
Knowledge about red teaming methodologies and tools.
Knowledge of security controls, including access, intrusion detection/prevention systems (IPS/IDS), security information and event management (SIEM) systems, patch management systems, etc.
Experience with testing tools like Cobalt Strike, Metasploit, Nmap, Burp Suite, Wireshark, etc.
Knowledge of Active Directory attack paths
Email social-engineering assessments.
Strong understanding of operating systems network technologies, and protocols.
Excellent written and verbal communication skills.
Experience documenting high-quality reports.
Experience working in complex, diverse, and global (international) environments.
Relevant offensive certifications such as OSCP, OSEP, OSCE, GXPN, and GRTP.
Preferred Qualifications:
Purple Team experience.
Experience using BAS tools.
Equal Employment Opportunity/Disability/Veterans
If you need an accommodation due to a disability, please email us at accommodations@metlife.com. This information will be held in confidence and used only to determine an appropriate accommodation for the application process.
MetLife maintains a drug-free workplace.
MetLife
-
- MetLife Jobs
