UMB Bank Offensive Security Program Manager - Open to Remote in Boston, Massachusetts
Be part of something more.
A majority of our time is spent “at work.” We believe that time is most meaningful when it’s spent around people who care about you and who challenge you. We hire people who know how to make good decisions, because we won’t be constantly looking over your shoulder—you’ll be empowered to do what’s right for our customers. Most importantly, we’re a partner. We partner with our associates to help them thrive personally and professionally. We partner with our communities and the organizations that support them. And, we partner with our customers to create an experience they won’t find elsewhere.
The Offensive Security Program Manager will lead UMB’s Offensive Security Program, reporting to the Director of Information Protection & Response. This includes building, maintaining, and continually advancing an adversary-oriented program to proactively validate administrative, physical, and technical control efficacy, identify opportunities for improvement, and partner with stakeholders across the organization to reduce risk.
How you’ll spend your time:
Conduct physical and technical penetration testing, red/purple team operations, social engineering, and breach and attack simulations that are informed by threat intelligence and emulate real-world adversary behavior to improve defenses;
Develop new tools and capabilities to support execution of program strategy;
Prioritize vulnerabilities to appropriately characterize threats, provide remediation advice, and assist in the development of risk mitigation plans;
Thoroughly document techniques, tactics, and proofs of concept used during security testing and red team exercises;
Develop and maintain tools and techniques for adversarial simulation, vulnerability research, and exploit development;
Thoroughly understand and leverage commonly used attack frameworks (MITRE, Cobalt Strike, BeEF, Metasploit, SET, Atomic Red Team, etc.);
Develop detailed penetration testing reports and presentations that can speak to audiences throughout the organization;
Provide technical expertise and advice on all areas of security technology, including network security, platform security, authentication/authorization systems, application security, policy enforcement, and security frameworks;
Ability to synthesize data from multiple sources and present concise, relevant and risk-based information to both technical and non-technical audiences;
Support risk assessments, third-party penetration tests, vulnerability assessments, incident response and threat intelligence;
Consult with other internal teams regarding security requirements, concerns, and project issues;
Lead special projects and other duties as assigned.
We’re excited to talk with you if:
You have 10+ years of experience in information security audit/risk management or information security/technology, or 6+ years of professional experience in these areas with a bachelor’s degree from an accredited college.
You have one or more of the following certifications: Offensive Security Certified Professional (OSCP), Global Information Assurance Certification (GIAC), GIAC Certified Pen Tester (GPEN), Certified Ethical Hacker (CEH) or Certified Pen Testing Engineer (CPTE).
You have advanced knowledge of the Penetration Testing Execution Standard (PTES), the OWASP Application Security Verification Standard (ASVS), and the MITRE ATT&CK Framework.
You have experience with Metasploit, Cobalt Strike, Burp Suite, and Nmap.
You have experience with cloud technologies, including AWS and Azure.
You are familiar with Advanced Persistent Threat (APT) activity and offensive attacker mindset.
You possess strong critical thinking and analytic skills, including the ability to perform data analysis to support and draw conclusions.
You have an understanding of orchestration and automation using tools like Chef, Ansible, Salt, and Puppet.
You are highly proficient in identifying and assessing information security and technology risk and development of appropriate strategies to mitigate risk.
You demonstrate strong self-management, organizational, and planning skills by consistently and effectively balancing multiple commitments and deadlines.
You have the ability to think and plan strategically, yet are comfortable with tactical tasks.
You have effective collaboration and communication skills with technical and non-technical business partners and management.
You have the ability to lead and participate in cross-functional teams in achieving organizational objectives.
You have advanced knowledge of firewalls, networks, operating systems, applications, databases, and storage.
You have experience leading and performing penetration testing for compliance programs such as Payment Card Industry (PCI).
- Information Security-related certification in one of the following areas: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Information Systems Auditor (CISA)
Open to qualified remote candidates.
The pay range for a candidate selected for this position who is based in Colorado is typically $87,570 to $162,540 annually. The selected candidate’s actual pay will be based on various factors, including but not limited to work location, qualifications, and experience, so the actual starting pay for the selected candidate may be above or below this range. The successful candidate will also be eligible to participate in one or more incentive plans based on company and individual performance.
UMB offers competitive and varied benefits to its associates including Paid Time Off; a 401(k) matching program; annual incentive pay; paid holidays; a comprehensive company sponsored benefit plan including medical, dental, vision, and other insurance coverage; health savings, flexible spending, and dependent care accounts; adoption assistance; an Employee Assistance Program; fitness reimbursement; tuition reimbursement; an associate wellbeing program; an associate emergency fund; and various associate banking benefits.
UMB and its affiliates are committed to inclusion and diversity and provide employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex (including gender, pregnancy, sexual orientation, and gender identity), national origin, age, disability, military service, veteran status, genetic information, or any other status protected by applicable federal, state, or local law. If you need accommodation for any part of the employment process because of a disability, please send an e-mail to firstname.lastname@example.org or call 816-860-7972 to let us know the nature of your request.
Who we are
We are more than a company. We are advisors, consultants, problem solvers, friends, community members, experts, and we are here to help you make the best of every moment with a financial foundation that can help you succeed.
Learn more about The Road to a Career at UMB