Sr Principal InfoSec Analyst - Penetration Testing
Symantec Corporation (NASDAQ: SYMC) is the global leader in cyber security. Operating one of the world’s largest cyber intelligence networks, we see more threats, and protect more customers from the next generation of attacks. We help companies, governments and individuals secure their most important data wherever it lives.
We make the world a safer place by helping people, businesses and governments protect and manage their information, so they can focus on achieving their goals.
In the Global Security Office, you will have the opportunity to work for the protection of Symantec’s information technology, brand, intellectually property, and customer data from misuse or compromise. Security controls have never been more important and as the leader in security solutions, we are targeted relentlessly and aggressively on many fronts and must defend ourselves accordingly. The Global Security Office is responsible for all aspects of security at Symantec and, as such, is made up of a diverse, multi-disciplinary and highly talented group of individuals who strive everyday to protect what is most critical to Symantec.
Reporting to the leader of the Global Security Office (GSO) Threat & Vulnerability Management (TVM) team, the Sr. Principal IT Security Analyst is responsible for conducting authorized penetration testing engagements as directed and according to prescribed methodologies. This position is responsible for conducting technical penetration testing, social engineering in addition to the management, maintenance, deployment and operations of the lab equipment required to conduct engagements.
The Sr Principal Information Security Analyst works closely with The Penetration Testing team members and other Symantec groups to ensure the expert execution of various methods of data acquisition, system exploitation and security control verification in order to Identify and document vulnerabilities, and possible vectors of data exfiltration and corruption. He/she will work collaboratively with company employees, to ensure any and all identified concerns are reported per the Penetration Testing Standard. The successful candidate will closely adhere to strict disciplines in support of delivering a professional service.
The position is responsible for completing assigned projects and for conforming to Symantec Information Security Policies. The position also interfaces closely with internal business units, departmental contacts, and other internal contacts and must clearly communicate security requirements and objectives to audiences with varying technical and security experience levels. Additionally, the candidate will need a very solid understanding of a global enterprise IT infrastructure operational environment, one which adheres to industry best practice.
- Subject Matter Expert (SME) within the Threat & Vulnerability Management team for conducting penetration testing.
- Work closely with the TVM Manager and Pentest Project Manager to conduct penetration testing in accordance to industry, policy and business requirements.
- Work closely with Symantec Incident Response team and Security Operations Center during investigation as needed.
- Conduct briefings and information exchange sessions in order to relay scope, breadth and impact of issues identified during penetration testing engagements.
- Manage, maintain and operate multiple software and hardware tools required for the different penetration tests.
- Conduct administrative task such as process documentation, briefing creation, and other such tasks as needed.
- Candidate must be a US citizen.
- Candidate willing to rotate 24x7 on-call duties.
- Candidate willing to submit to an enhanced background check which includes credit verification.
- Candidate must have 5+ years working as a Penetration tester or Red team member.
- Hands on operational experience performing penetration testing.
- Candidate must have two of the following certifications: CEH, ECSA, LPT, CPT, GPEN, GWAPT, GXPEN
- Desired but not required certifications: OSCP, OSWP, OSCE, OSEE, OSWE
- Candidate must have working knowledge of network concepts, protocols, services, tools, and architecture.
- Experience using a wide range of penetration testing tools, exploits and malware
- Expert level experience with Unix/Linux operating systems and command line scripting.
- Knowledge of Python, Perl, Bash, C, C++, Java are highly desired
- Web development experience is highly desirable.
- Exploit creation and development experience is also highly desirable.
- Knowledge and experience in conducting application penetration testing
- Understanding and experience exploiting wireless systems.
- Understanding and experience with practical social engineering concepts and processes.
- Understanding of policy compliance and best practice standards/frameworks.
- Understanding of patch management tools and their limitations.
- Solid understanding of PCI Scanning, standards, and report attestations.
- Knowledge and experience working on network and network security devices such as switches, routers and firewalls.
- Candidate must have strong analytical skills and willing to defend corporate security practices.
- Ability to multitask, balance, and prioritize work in a fast paced environment.
- College degree BS preferred.
- Travel requirements =25% that would include GSO all hands meetings, team offsite meetings, training and client facing presentations, and onsite Physical and Social Engineering efforts.
- Candidate must have strong verbal and written communication skills.
- Experience creating technical reports is highly desired.
- Candidate must be team oriented, self-starter, and willing to work without supervision.
Relentlessly protect the world’s information. Make a difference at Symantec. Across the globe, we are an ‘essential’ partner to both consumers and businesses of all sizes. We combine our talents, our brains, and our creative energy to reinforce our place as a world-class technical community.
Our most critical asset at Symantec is the talent we hire - you! We look for people who have a desire to excel and reflect our values: Innovation, Action, Customer-Driven, and Trust. We recognize that every opening in our company is a chance to increase Symantec's competitive advantage, and we are willing to invest in you in order to win.
Symantec is an equal opportunity employer. All candidates for employment will be considered without regard to race, color, religion, sex, national origin, physical or mental disability, veteran status, or any other basis protected by applicable federal, state or local law.
Symantec will respond to requests for reasonable accommodations to assist you in applying for positions at Symantec, or to submit a resume. If you need to request an accommodation, please contact our HR Helpdesk at 1-800-497-2580 or by email at email@example.com.
EEO is the Law. Applicants and employees of Symantec Corporation are protected under Federal law from discrimination.Click here to find out more.
Encryption, Antivirus and Malware protection, eDiscovery, Identity Protection and Authentication, Information Protection, Cyber Security Services, Threat Protection
Company Type: Public Company
Company Size: 10,001+
- Back-end Engineer Intern | Website Security
- Cyber Security Analyst
- Dir, Information Security Audit & Compliance (ID Analytics)
- Director, Incident Response
- Principal Information Security Analyst
- Principal IT Specialist - Identity and Access Management, within Hybrid Cloud Infra. Services
- Security Assurance Manager / Princ InfoSec Analyst
- Sr Principal Information Security Analyst - SOC
- Sr Principal Information Security Analyst - SOC
- Sr Product Manager - Security
- Sr. Cloud Security Engineer (AWS)
- Threat Analysis Engineer