Adversary Simulation Specialist
Fulltime | Rotterdam
Are you a passionate ICT specialist with experience in Pen-Tester and understand the value of cybersecurity for international operating companies? Are you keen on roles in which you can identify and fix security issues? Are you looking for a role with a lot of challenges and even more opportunities? Welcome to LyondellBasell…
This is LyondellBasell
LyondellBasell (NYSE: LYB) is one of the world’s largest plastics, chemical and refining companies and a member of the S&P 500. LyondellBasell (www.lyondellbasell.com) manufactures products at 55 sites in 17 countries. Our products and technologies are used to make items that improve the quality of life for people around the world including; packaging, electronics, automotive parts, home furnishings, construction materials and biofuels.
This is the role
How can we protect our company from cyberthreats? And how can we contribute to security awareness within the company? Questions we ask ourselves daily, and that’s where you come in……..
This role will define and execute automated and manual vulnerability assessments, identify and report vulnerabilities in applications, platforms and network components to prepare networked defenses and staff. The role is part of the Offensive Security Team and works closely with the Incident Response team as well as the application developers/owners to ensure the security and reliability of critical electronic systems.
Among the tasks and responsibilities are the following:
- Identify and mimic the tactics, techniques and procedures of threat actors or threat groups, and the campaigns they execute against similar organizations or industries
- Combine cyber threat intelligence with vulnerabilities to simulate relevant threats, evaluate client incident response (IR) capabilities, help security operations teams prepare for worst-case scenarios
- Deliver key findings and improvement suggestions to determine if systems and infrastructure are properly tooled and resourced to defend against sophisticated attackers
- Foster security awareness culture, mentor team members, perform presentations and demonstrate hacking techniques
- Publish relevant security standards, practices, guidelines and processes
- Research and integrate tools, processes and techniques to improve vulnerability analysis, forensics capabilities, network and data security and threat management
- Effectively communicate findings to stakeholders at all levels across the organization
- Conduct research, penetration testing, and vulnerability assessments on external-facing resources and internal assets to determine risks
- Maintain regular focus on latest industry techniques, tools and research; be able to develop and explain technical decisions and separate fact from opinion and speculation
- Improve overall cyber resilience to the next level of maturity and effectiveness
This is who you are
We are looking for a Pen-Tester who brings up to date know-how/knowledge to the playing field and has a solid track record in cybersecurity. You are passionate about your job and thrive by solving problems. Furthermore, your advisory skills go without saying and you have a clear way of explaining difficult problems to a broad audience. Finally, you are driven by results and want to be a contributor to improvements in the department.
This is what you bring
- Minimum Qualifications:
- BS or equivalent experience
- 3 years related experience with information technology, information security and application penetration testing
- Experience in one or more of the following: cyber operations, red teaming, exploit development, incident response/hunt, cybersecurity research and development
- Strong written and verbal communication skills
- Knowledge of advanced cyber threats, adversary methodologies, and cyber threat intelligence
- Related certifications such as the OSCP or CEH
- 2+ years of experience on coordination and execution of Web application, network, and system penetration tests with good understanding of OWASP TOP 25
- Knowledge of ATT&CK and its uses within the cybersecurity community (e.g., Open Source projects)
- Experience with encryption protocols (i.e., SSL/TLS) and algorithms (RSA, AES, etc.)
- Familiarity with attack emulation/penetration tools, ie. APT Simulator and Metasploit
- Expertise on application security including web application penetration testing and debugging and reverse engineering
- Experience in red teaming, penetration testing, exploitation
- Experience in incident response (hunt), blue teaming
- A strong technical leader in the analysis of information security vulnerabilities
- Good project management skills and familiarity with ensuring security by design inside of a System Development Life Cycle (SDLC) process.
- Builds effective teams
- Cultivates innovation
- Customer focus
- Demonstrates courage
- Drives results
- Ensures accountability
- Instills trust and exemplifies integrity
This is what we offer
We offer an environment where we encourage personal and professional growth and where you will be rewarded for your performance and results. You will have the possibility to work with specialist on all fields to develop innovative solutions and to extend your national and international network. In addition, we offer you a competitive salary package.
Please feel free to call Chris de Boer at +316 48375361 for more details. Would you like to apply? Just send us your motivation and resume via the application button.
Acquisition due to this vacancy is not appreciated.