Cybersecurity Penetration Tester - Lead
Company: Santander Holdings USA Inc
Posted on: November 22, 2021
Job Family: Information Technology
Designs, analyzes and supports the company's information technology
structure, systems and processes. Acquires, designs, implements and
operates the company's information technology resources (e.g.,
computer hardware, operating systems, communications, software
applications, data, databases, etc.). Deploys, acquires, maintains
and ensures security of information technology assets. Plans and
tests processes to ensure compliance with system requirements,
business objectives, security standards and other technical
Job Function: Information Security
Develops, manages and operates security services that assess,
prioritize and mitigate information security and technology risk.
Includes cyber security threat services, access management services
and technology risk assessments. Designs network security perimeter
architecture and relevant security controls. Reviews internal and
external IT projects and applications for risk and adherence to
security policies and industry best practices. Participates on
internal security project teams to deploy security technologies and
to make recommendations for hardware/software products for future
release. Liaises with vendors for various security
infrastructure-related products and services.
Summary of Responsibilities:
The Sr. Associate, Information Security serves in a technical
capacity in evaluating and designing security solutions and works
with technicians throughout the program in implementing,
maintaining and constantly improving the information security
practice while managing and maintaining our efforts in the areas of
Information Security, Governance, Risk and Compliance. S/he
provides patches and upgrades to existing systems, designs
web-based, mobile technology, cloud, and security interface to meet
the specific needs of users, prepares operating instructions,
compiles documentation of program development, and analyzes system
capabilities to resolve questions of program intent, output
requirements, input data acquisition, programming techniques, and
- Conducts Penetration Testing (e.g., internal, external,
wireless, physical, social, etc.); Post vulnerability assessment,
work with various stakeholders to provide remediation to the
identified risks and bring the same to closure.
- Conducts walk-through of the assessment report to the
stakeholders and help define remediation plan.
- Follows a standard methodology to identify and/or detect
threats to the IT infrastructure, applications and other
- Works with various teams to follow a pre-assessment plan/ and
assessment schedule for every assessment, conduct threat
assessment, and deliver an assessment report.
- Performs technical security assessments (e.g., Windows, UNIX,
firewalls, routers, oracle, SQL server, etc.).
- Performs web application security assessments (e.g., exploiting
web app vulnerabilities such as SQL injection, cross-site
scripting, parameter manipulation, session hijacking, etc.
- Conducts vulnerability assessment on the target IT
Infrastructure, applications and related information assets.
- Interacts with partners as needed to explain work product,
security techniques, methodology and results to ensure appropriate
- Provides technical security consulting support to address
complex business and technology projects and requests.
- Conducts risk assessments to evaluate the effectiveness of
existing controls and determine the impact of proposed changes to
business processes, applications and systems.
- Promotes cross-department collaboration and communication to
ensure appropriate processes, procedures and tools are installed,
monitored, and effectively operating and alerting.
- Allocates and prioritizes security resources efficiently within
the organization managing both resources and budgets.
- Conducts security research on threats and remediation
- Develops and maintains a set of operational and forward looking
- Conducts proof of concepts, vendor comparisons and recommend
solutions in line with business requirements.
- Oversees daily monitoring of security reports to identify
issues and follow these issues to resolution.
- Oversees security projects and the security testing of new and
- Prepares system security reports by collecting, analyzing, and
summarizing data and trends; presents reporting for management
- Creates process improvement by identifying inefficiencies and
solutions for process improvements.
- Writes clear security assessment reports to document findings,
and discuss solution with IT and management teams.
- Writes clear implementation guidelines for the implementation
- Updates job knowledge by tracking and understanding emerging
security practices and standards; participating in educational
opportunities; reading professional publications; maintaining
personal networks; participating in professional organizations.
- Acts as a subject matter expert (SME) while providing
leadership, guidance, and mentorship to other team members.
- Other duties as assigned.
- Education -
- Bachelor's Degree: Computer Science or equivalent major.
- or equivalent work experience
- Experience -
- 9-12 years Experience in IT Security.
- Strong knowledge of PCI, SOX, ISO and NIST security
- Experience with managing direct reports
- Experience with penetration testing.
- Skills & Abilities -
- Knowledge of risk assessment tools, technologies, and
- Experience planning, researching and developing security
strategies, standards, and procedures
- Exceptional organizational skills and attention to detailbility
to work cooperatively in a team environment
- Demonstrate understanding of the penetration testing
methodology laid out by the following standards PTES, OSSTMM, NIST,
- Fundamental understanding of the MITRE ATT&CK-
- Fundamental understanding of scripting languages to include the
following - python and PowerShell
- Experience with penetration testing tools - Metasploit, Nikto,
SQLMAP, Responder, Nessus, netcat, etc.
- Familiarity with the command line interface of multiple
operating systems - Windows, macOS, Linux, etc.
- Working knowledge of Windows/Unix systems administration and
- Knowledge of network protocols (IPV6, DNS, HTTP, etc.) and
accompanying tools (Wireshark, TCPDump, etc.)
- Ability to work socially and efficiently in a team environment
and receive direction from the senior members
- Strong understanding of security, incident response and/or
- Proven ability to understand and analyze complex issues, then
apply experience and judgment to develop sound recommendations
especially as related to malware, eDiscovery, current
threats/attacks and/or vulnerability management
- Ability to communicate concisely, effectively and directly to
- Proven relationship building skills working with mid to senior
level management and cross-functional teams; strong understands
risks; additional focus on leadership; strong interpersonal skills;
delivers precise, accurate results to meet commitments; mentors
other team membe
- Demonstrated presentation development; tailors message as
needed; comfortable presenting to all levels; strong writing
skills; demonstrates creativity in articulating messages that
- Licenses & Certifications -
- Vendor security certifications or project management
certification, a plusAt Santander, we value and respect differences
in our workforce and strive to increase the diversity of our teams.
We actively encourage everyone to apply.Employees desiring
consideration should complete an online application, utilizing the
appropriate process as subscribed by the posting entity. Employees
should provide all pertinent information to support their
candidacy.To be considered eligible for internal posting, Santander
employees must meet all of the following eligibility requirements:
- Completion of at least one year of active service in
- Completion of at least twelve months in current position
- Be in "Good Standing"Please click here to see the full policy-
- Frequently: Minimal physical effort such as sitting, standing,
- Occasional moving and lifting of equipment and furniture is
required to support onsite and offsite meeting setup and
- Physically capable of lifting up to fifty pounds, able to bend,
kneel, climb ladders.
- This job description does not list all the duties of the job.
You may be asked by your supervisors or managers to perform other
duties. You will be evaluated in part based upon your performance
of the tasks listed in this job description.
- The employer has the right to revise this job description at
any time. This job description is not a contract for employment,
and either you or the employer may terminate employment at any
time, for any reason.
Keywords: Santander Holdings USA Inc, Lewisville , Cybersecurity Penetration Tester - Lead, IT / Software / Systems , Lewisville, Texas
Didn't find what you're looking for? Search again!