Senior Cyber Security Engineer; OSCP

Position: Senior Cyber Security Engineer (OSCP)
POSITION SUMMARY:

Performing comprehensive penetration testing, vulnerability assessments, and risk analysis across Garmin’s global computer systems, products, and software covering web, API, infrastructure, mobile, and hardware security through ethical hacking engagements. Responsible for ensuring adherence to Garmin’s information security strategy, programs and best practice. Design, develop, and implement solutions and metrics to successfully integrate and monitor new information security and identity management systems with the existing architecture.

In addition, deploy security policies, investigate and evaluate alerts for malicious file execution attempts, and design enhanced protocols aligned with protecting corporate wide production systems. The Cyber Security Engineer II will also lead root-cause analysis efforts to determine improvement opportunities when failures occur.

ESSENTIAL FUNCTIONS:

- Perform in-depth penetration and security assessment testing for Garmin computer systems, products, and software on a global scale
- In-depth expertise with industry trusted infrastructure and development penetration tools
- In-depth expertise with security, infrastructure, software development, and application technologies
- Proficiency with various methods of reconnaissance, information gathering including network analysis, web application analysis, database analysis
- Strong understanding of: OWASP Top 10, SANS Top 25, CWE , CVSS scoring, threat modeling, MITRE ATT&CK framework
- Secure coding practices and SDLC
- Knowledge of authentication protocols: OAuth2, JWT, SAML, Kerberos, NTLM
- Conducts regular security audits from both a logical/theoretical standpoint and a technical/hands-on standpoint
- Proficiency with various methods of threat modeling and vulnerability assessment including vulnerability scanners, password crackers, network protocol attacks

- Demonstrated proficiency with either the Python, Power Shell, Bash or Ruby programming language
- Expertise with industry-standard tools:
Burp Suite Pro, Nmap, SQLMap, Nessus, Nuclei, Metasploit, Crack Map Exec , Blood Hound
- Familiarity with reverse engineering tools or firmware analysis is a plus
- Willingness and capability to exceed mastery of common penetration tools toward a deeper understanding of the technology that is needed to reveal vulnerabilities that standard tool proficiency does not
- Willingness to learn or experience with device hacking / reverse engineering of products and devices
- Execute red teaming tactics:
Active Directory exploitation (Kerberoasting, AS-REP Roasting, DCSync, constrained delegation)
- Lateral movement, persistence, and evasion
- Command and control (C2) setup.

What the candidate will do:

- Internal/External Network Penetration Testing
- Cloud Penetration Testing
- Web Application Security Testing
- API Security Testing
- Mobile Application Security Testing
- IoT / Device Security Testing
- Desktop Application Security Testing
- Red Teaming Activities
- Demonstrating proficiency in diverse reconnaissance and information gathering methods, including network analysis, web application analysis, and database analysis.
- Possessing expertise in industry-standard security best practices and utilizing multiple techniques for penetration testing.
- Managing vulnerabilities and effectively communicating with system owners in English, exhibiting excellent communication skills.
- The desired candidate will have prior experience completing security assessments and generating reports.

Other Responsibilities:

- Creating and developing security assessment solutions
- Daily administrative tasks, reporting and communication with the relevant departments in the organization
- Designs and develops complex, integrated solutions to meet business requirements or enhance performance of Garmin’s security systems
- Performs and evaluates costs analyses and vendor comparisons from small through large scale projects to ensure cost-effective and efficient operations
- Measures feasibility of various approaches and makes recommendations
- Communicate effectively regarding system operations and environment changes
- Adhere to SOX, PCI, and other regulatory requirements as dictated
- Understands and avoids potential threats and drives counter measures for IT managed systems
- Ensures that all security requirements are met or exceeded
- Provides significant contributions to defining team roadmap and priorities
- Develops reliable solutions to complex problems which require the regular use of ingenuity and creativity
- Demonstrates broad understanding of Garmin's business model, including Engineering, Operations, Finance, Sales and Marketing
- Serves as a mentor and provides guidance to less experienced IT workers
- Researches new technologies and proposes cost effective solutions
- Provides innovation within area of expertise
- Facilitates team discussions and meetings
- Recognized as an expert in assigned discipline at Garmin and applies extensive technical expertise and analysis to…