Posted in Other 7 days ago.
Type: Full Time
We are actively seeking a Senior Manager for our Threat & Vulnerability Team to perform penetration testing in support of software products and delivery platforms, which span Corporate Technologies and Clouds. In this role, you'll lead a team of Security Specialists, interface with Product Engineering and technology groups, and translate the team's vulnerability findings into business risk terms to support actionable decisions. This role requires significant penetration testing experience, natural curiosity and the drive to dig deeper in order to find and exploit vulnerabilities.
This role has extensive scope to exercise the application of tools, technologies and tactics. Deltek's products offer an experienced candidate the ability to leverage their skills across our business to improve our security posture and drive meaningful change. You'll make our products better for our customers.
Specific responsibilities include:
* Leading and executing penetration tests and red team exercises across our enterprise: cloud, product and corporate environments and in targeted assessments;
* Providing management and technical leadership to a team of Penetration Testers and Vulnerability Engineers, developing and mentoring team members;
* Leveraging commercial tools and developing custom scripts for vulnerability scanning and identification;
* Writing custom exploit code, Metasploit modules, and attack tools as part of penetration testing methods;
* Leading Deltek's policy development across CI/CD, SAST, IaC. Scaling security tooling and scanning into a mature service;
* Performing source code review and analysis from SAST assessments to identify security vulnerabilities;
* Performing research to stay current with latest penetration testing tools and methodologies;
* Advising on remediation actions to mitigate findings; presenting those findings to technical and business audiences, ensuring clear communications of business risk and impact;
* Performing mobile application penetration testing;
* Serving as the escalation point and appsec liaison for incidents, vulnerability remediation, including validation, coordinating remediation, facilitating information sharing, and reporting;
* Developing vulnerability metrics and benchmarks, as well as defining Deltek's Security Assurance Maturity Model (SAMM);
* Leading third-party penetration tests and security assessments; managing associated relationships.
To be successful in this role, we'd expect you to have the following:
* At least 7 years of hands-on experience in performing external and internal penetration tests using industry standard tools such as Burp, Metasploit, Kali, CobaltStrike, Nmap, etc.;
* Hold active OSCP, CISSP and AWAE certifications, BS degree;
* Experience with NIST and FedRAMP controls assessments; ability to manage FedRAMP penetration testing requirements;
* Thorough understanding of Windows and Linux, AWS and Azure. Solid understanding of networking and corporate technologies including: TCP/IP, Ports, Active Directory, DNS, networking protocols;
* Proficiency in performing assessments across enterprise-class applications including components such as: SSO, 2FA, SAML, RESTful APIs, and integrations with third-party solutions;
* Use of OWASP Top 10, MITRE ATT&CK and the cyber kill chain frameworks; CIS benchmarks for hardening;
* Proficiency with at least one of the following: Python, Bash, PowerShell;
* An understanding of cloud computing models, technologies and concepts;
* Ability to successfully lead and manage a global team; off-hours and incident support;
* Advanced written and verbal communication skills, strong analytical and interpersonal characteristics, and ability to work both independently and collaboratively;
* Knowledge of Agile software development.
Better software means better projects. Deltek is the leading global provider of enterprise software and information solutions for project-based businesses. More than 30,000 organizations and millions of users in over 80 countries around the world rely on Deltek for superior levels of project intelligence, management and collaboration. Our industry-focused expertise powers project success by helping firms achieve performance that maximizes productivity and revenue. www.deltek.com
Deltek, Inc. is an Equal Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, or protected veteran status.