Sr. Analyst, Penetration Tester - Global Information Security

Full Time
New York, NY
Areas of Interest: Test and Evaluation, Vulnerability Assessment and Management
report a problem
Overview


 
Time Warner Inc., a global leader in media and entertainment with businesses in television networks and film and TV entertainment, uses its industry-leading operating scale and brands to create, package and deliver high-quality content worldwide on a multi-platform basis. 

Our operating divisions, Home Box Office, Inc., Time Warner Corporate, Turner, and Warner Bros. Entertainment Inc. share a dedication to light up the world’s screens with the best storytelling, across technological frontiers and geographic boundaries. They maintain unrivaled reputations as homes for creativity and excellence, with brands and leading scale that attract the best talent and ideas, and allow creative talent and journalists to realize their visions and share them with the world.


Posting Job Description

REPORTS TO:      
Executive Director, Threats, Vulnerability and Incident Response
 

POSITION SUMMARY:
Time Warner is seeking a Sr. Analyst, Penetration Tester for a new function under the Global Information Security team to help in investigating, reporting and remediation of vulnerabilities in the information systems maintained by the company. The successful candidate should have 5+ years of experience including in-depth hands on work in offensive security techniques and knowledge of network security and architectures. 
 
The qualified Sr. Analyst, Penetration Tester should have a keen understanding of offensive security practices and must be comfortable working across a wide range of technologies.  This individual must be able to conduct hands-on technical incident response type assessment testing that extends beyond automated tool validation across a wide variety of platforms and technologies.  The role is focused specifically on penetration testing tactics, techniques, and procedures identifying security thoroughness, attack vectors including full exploitation within multiple environments (Window and Linux based), and providing remediation steps.  
 

WHAT YOU'LL DO:
This position requires you to be a creative pen tester/ethical hacker who does not only have experience in conventional penetration testing methodologies, but who can also use advanced techniques to target and infiltrate systems in a covert manner.  You will be asked to conduct scenario based security testing to identify gaps in detection and response (red team / blue team exercises).  The candidate must demonstrate proven success in working in a team as well as independently, be results oriented and must present a level of endurance to complete an investigation and understand root causes of issues:
  • Identify, document, measure and communicate security risk analysis across the organization’s data networks, systems, and applications using standard and non-standard tools and exploitation techniques
  • Create attack scenarios that a malicious actor may perform to gain access to the Time Warner’s networks, systems, applications or endpoints
  • Conduct technical penetration testing including but not limited to external/ internal infrastructure, web application, cloud, and WiFi to identify or gain access to sensitive data
  • Communicate findings, recommend and validate remediation to technical staff and executive leadership
 
WHAT YOU'LL NEED: 
  • Minimum 3 years of combined application and network penetration, appsec, WiFi, threats and vulnerability management, security operations and engineering or hunt
  • Experience with phishing and other social engineering tactics
  • Knowledge and ability to conduct internal, external, social, wireless, and application penetration testing using a wide variety of exploitation techniques, tools, and procedures
  • Intermediate level experience with penetration testing of Web applications and its various components such as Injection, cross-site scripting, cross-site request forgery, validation, session management, web services, hosting, web traffic analysis, etc.
  • Scripting experience a plus: Python, Perl, Bash, Grep/Sed/Awk, etc.
  • Familiarity with and understanding of networking essentials, data flows, architecture, protocols, traffic, wireless
  • Knowledge of BYOD and Mobile Device Management platforms
  • Advanced knowledge using, administering, troubleshooting and exploiting two or more major operating systems such as Windows, Linux platforms, including Ubuntu and Red Hat
  • Hands on experience with Active Directory security, including scans, best practices and security configuration
  • Strong experience with open security testing standards and tools such as Kali Linux or Burp Suite Pro, Cenzic, Metasploit, OWASP, sqlmap, nosqlmap, WPScan, Nessus, Qualys, etc.
  • Familiarity with APT activity and offensive attack hacker mindset
  • Knowledge of password cracking, encryption, algorithm analysis, etc.
  • Must be a self-starter and have the ability to clearly convey results in formal technical reports
  • Versed in three or more programming and scripting languages such as HTML5, Java, Python, Ruby, Perl, Bash, PowerShell
  • Familiarity with Database (Oracle, MSSQL, MySQL)
  • Certifications (CEH, CEPT, GPEN, OSCP, GWAPT, CEH, GSEC or GIACs)



Share this job:

Time Warner Inc.

Time Warner Inc., a global leader in media and entertainment with businesses in television networks, film and TV entertainment, uses its industry-leading operating scale and brands to create, package and deliver high-quality content worldwide through multiple distribution outlets.

Specialties
Media and Entertainment
Visit Time Warner Inc.'s Social Media pages:
Company Industry: Entertainment
Company Size: 10,001+
One other job with this company: