Ethical Hacker Manager in Secaucus, NJ at Quest Diagnostics

Date Posted: 7/3/2020

Job Snapshot

  • Employee Type:
    Full-Time
  • Location:
    500 Plaza Drive
    Secaucus, NJ
  • Job Type:
  • Experience:
    Not Specified
  • Date Posted:
    7/3/2020
  • Job ID:
    req43696

Job Description

Look for more than answers.

Patients and Physicians rely on our diagnostic testing, information and services to help them make better healthcare decisions. These are often serious decisions with far reaching consequences, and require sensitivity, tact and a clear dedication to service. It’s about providing clarity and hope.

As an Ethical Hacker Manager you will work for the world leader in the industry, with a career where you will have the opportunity to collaborate and affect change while expanding your leadership skills and technical knowledge. You can make a real impact in a market that is growing and developing.

This will be an on-site position working from our Global Headquarters in Secaucus NJ.  

Ethical Hacker Manager, the role:

The Ethical Hacker Manager sets the policy and direction of proactive ethical hacking assessments to identify weaknesses and vulnerabilities in target systems by emulating malicious hacker techniques in a lawful and legitimate manner to assess the security posture of target systems.

As the Ethical Hacker Manager, you will have the opportunity to stand up an emerging discipline at Quest and will take ownership of drafting appropriate administrative documentation, including detailed standard operating procedures, incorporating best practices, and metrics.

To ensure success, you will have advanced knowledge of computer and internet security systems and tenacious problem-solving skills. This role is part of Quest’s Cyber Threat Division.

Job responsibilities:

•         Perform complex ethical hacking assessments and penetration testing against target systems, including mobile devices, servers, web services, web applications, and wireless networks.

•         Conduct Threat Modeling to identify valuable assets, prioritize vulnerability and attack vectors associated with those assets, and address the most likely threats.

•         Define, document, and follow a structure process to conducting comprehensive ethical hacking assessments.

•         Produce detailed reports describing vulnerabilities/risks and provide concise guidance to stakeholders to support remediation.

•         Coordinate with development and other application teams to provide mitigation recommendations, education, and ensure vulnerabilities are effectively resolved.

•         Serve as an application security subject matter expert for projects.

•         Investigate infrastructure systems for evidence of a breach/malicious activities, backdoors, misconfigurations, etc.

•         Provide A/B Testing subject matter expertise to project team members.

•         Conduct multiple penetration testing activities spanning all categories of offensive and defensive security (Red Team, Network, Web Application, Client Side, Wireless, Social Engineering, Dumpster Diving)

•         Present strategic-level briefings/products to Leadership. 

•         Serve on the Quest Cybersecurity Incident Response Team (CSIRT); assist with Incident Response activities (investigation, mitigation, attribution) and other special projects.

•         Research Company's systems, applications, network structure, and possible penetration sites.

To qualify, the ideal candidate will have the following skills and experience:

•         3+ years of IT Security experience specific to ethical hacking.

•         Demonstrated experience in the following areas: threat modeling, application security, penetration testing, vulnerability management, and security consulting for application and/or infrastructure type projects.  Experience with industry standard infrastructure and application assessment tools such as, Qualys, Nessus, Burp, Metasploit, Core Impact, Aspect Contrast, Threat Intelligence Platforms.  

•         Familiarity with regulatory and industry security frameworks and best practices such as NIST, OWASP, PCI, SANS.  Additionally, experience in planning, implementing and/or supporting the processes associated with the use of these methodologies. 

•         Expert knowledge of at least one programming language, including one of the following: JavaScript & Ruby, PHP, Perl, Python.

•         In-depth knowledge and understanding of information risk concepts and principles to ensure relevant business needs have appropriate corresponding security controls.

•         In-depth knowledge of password based, session hijacking, DDOS, sniffing, MITM, cryptography, and application layer attacks.

•         GXPN, GPEN, OSCP, CISSP, GWAPT, CEH, or similar certifications

•         Ability to demonstrate a clear understanding, at an enterprise level, of application, network, infrastructure, and data security architecture.

•         Experience with IDS/IPS, honeypot, and firewall evasion.

•         Scripting capabilities for creating custom scripts to identify/exploit vulnerabilities.

•         Experience working with development team(s) that delivered commercial software or software-based services (development, QA testing, or security role).

•         Develop low-level tools that improve security testing and monitoring

•         Advanced knowledge of networking systems and security software.

•         Technical knowledge of routers, firewalls, and server systems.

Additional preferred qualifications:

•         Bachelor’s degree in Information Technology or Computer Science, or equivalent experience; Master’s preferred.

•         Inherent passion for information security and service excellence.

•         Excellent analytical skills, able to manage multiple projects under strict timelines, work well in a demanding dynamic environment, and meet overall objectives.

•         Familiarization with containerization technologies including Docker and Kubernetes.

•         Quantified record of identifying zero-day vulnerabilities and collection of points/rewards.

•         Strong analytical skills to identify and analyze security requirements and relate them to appropriate security policies, standards and/or controls. Ability to ensure that applications and infrastructure are designed, built and maintained in accordance with corporate, IT and Security policies and standards.

•         Ability to ensure that technical solutions effectively meet and support business needs.  Proven ability to handle and prioritize multiple assignments, often within limited time constraints.

Apply Today

Join us for competitive benefits and development opportunities in a progressive and supportive environment. Help us improve our service, and the experiences of our patients and colleagues. Work with us and together we can be better.

Your Quest career. Seek it out.

All requirements are subject to possible modifications to reasonably accommodate individuals with disabilities. Quest Diagnostics is an Equal Opportunity Employer: Women / Minorities / Veterans / Disabled / Sexual Orientation / Gender Identity or Citizenship.

If you’re interested in career opportunities, but not ready to apply, join our talent network to stay connected to us and receive updates on the latest job opportunities and company news.

Group of people