Penetration Tester, Associate - Santander Holdings USA Inc

Penetration Tester, AssociateCountry : United States of AmericaThis role is the Technical / Penetration Tester within Santander North America, covering both the US and Mexico.

The Technical Tester develops, designs, matures and executes service. A successful candidate will have verifiable experience in offensive security, threat hunting, attack simulation, programming, and leadership.

Strong technical capabilities and an understanding of the application to the organization while recognizing operational impact is important as this is a key function of the role to work closely with defensive partners.

This role is key to us maturing and growing our overall program and will have a lot of external visibility. Bilingual Spanish is a plus.

Responsibilities : Provide knowledge leadership in the coordination of third parties for Pentesting exercises.Provide deep subject matter expertise for Ethical Hacking Techniques.

Analyze test results and providing feedback to the owners of services / infrastructure & stakeholdersAdvanced knowledge of threat intelligence & vulnerability managementCollaborate with various groups and individuals to follow up remediation plans for vulnerabilities identified during automated Pentesting exercises.

Assist in incident response efforts by providing expertise and insights gained from ethical hacking activities to mitigate and remediate security incidents effectively.

Maintain detailed documentation of processes, methodologies, and findings related to ethical hacking activities.Provides advisory support for regulatory examinations and audits by defining the how and why for all implemented decisions;

ensures all requested documentation is provided.Qualifications : 5+ years of relevant experience with most of the requirements belowExtensive experience working with Offensive Security Methodologies and Attack Simulation TechniquesOffensive Security testing tools.

e.g., Cobalt Strike, Bloodhound, Red Team ToolkitExperience leveraging the MITRE ATT&CK FrameworkVulnerability Assessment tools.

e.g., Nessus, Qualys, Rapid7Exploitation frameworks, e.g., Metasploit, CANVAS, Core ImpactSocial Engineering campaigns. e.

g. email phishing, phone calls, SETDeep understanding of OSI modelSecurity devices, i.e. Firewalls, VPN, AAA systemsOS Security.

e.g. Unix / Linux, Windows, OSXUnderstanding of common protocols. e.g. HTTP, LDAP, SMTP, DNSWeb application infrastructure.

e.g. Application Servers, Web Servers, DatabasesWeb development and programming languages. e.g. Python, Perl, Ruby, Java, .

NetProven experience with attack simulation and threat hunting is a must.Advanced Microsoft Office skills preferred.Demonstrated ability to collaborate with a variety of analytical groups and service delivery organizations.

Advanced analytical and problem-solving skillsConsistently demonstrates clear and concise written and verbal communication.

Preferred Certifications : PNPT, OSCP, OSCE, GXPN, GPEN, GCIH, GWAPT, GCFA, or CISSPProficient in interpreting and applying policies, standards, and procedures.

Diversity & EEO Statements : At Santander, we value and respect differences in our workforce and strive to increase the diversity of our teams.

We actively encourage everyone to apply.Santander is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, genetics, disability, age, veteran status, or any other characteristic protected by law.

Working Conditions : Frequent Minimal physical effort such as sitting, standing, and walking. Occasional moving and lifting equipment and furniture is required to support onsite and offsite meeting setup and teardown.

Physically capable of lifting to fifty pounds, able to bend, kneel, climb ladders.Employer Rights : This job description does not list all the job duties of the job.

You may be asked by your supervisors or managers to perform other duties. You may be evaluated in part based upon your performance of the tasks listed in this job description.

The employer has the right to revise this job description at any time. This job description is not a contract for employment and either you or the employer may terminate at any time for any reason.

The base pay range for this position is posted below and represents the annualized salary range. For hourly positions (non-exempt), the annual range is based on a 40-hour work week.

The exact compensation may vary based on skills, experience, training, licensure and certifications and location.Base Pay RangeMinimum : $94,500.

00 USDMaximum : $130,000.00 USDPrimary Location : Dorchester, MA, DorchesterOther Locations : Massachusetts-Dorchester,Florida-Miami,Texas-Dallas