Verafin is a cutting-edge software company focused on delivering next-generation fraud and money laundering solutions to financial institutions across North America. We have an opening for a Security Specialist (Red Team). The Red Team emulates real-world adversary activities in order to improve Verafin’s overall security. This team requires thinking like an attacker while understanding the various levels of defensive technologies and their effectiveness. The Red Team develops in-depth attack plans that focus on compromising Verafin, testing existing defences or assisting in building new defences based on real attack data. This position requires very strong communication skills, in-depth technical knowledge of a wide variety of technology, knowledge of offensive security tactics and techniques, and a deep desire to continuously learn.
Duties & Responsibilities
- Work on red team testing engagements from beginning to end (design, proposal, execution, recommending remediations, communicating findings in reports and presentations, and assisting with remediation of findings)
- Perform internal and external penetration tests
- Assist with threat modelling and design of secure infrastructure and application features
- Perform security assessments of current and future architecture, implementations, code changes, and configuration changes
- Provide security support for software development
- Educate other teams on applicable security best practices
- Assist with incident response and continuous improvement of incident response processes
- Assist with vulnerability management
- Provide guidance and mentorship to security peers
Essential Skills & Qualifications
- Proven track record in red teaming or penetration testing
- Security certifications (OSCP, OSWE, GPEN, GXPN, GWAPT, CEH or similar)
- Excellent writing and reporting skills
- Experience simulating real-world attacker TTPs for network, application, social, and physical security
- Expert level experience in software development or cloud infrastructure (AWS)
- General familiarity with defensive tools (firewalls, IPS, DLP, …) and evasion tactics
- Experience with scripting and automation
- Experience with application fuzzing
- Knowledge of infrastructure as code (such as Terraform)
- Knowledge of OS and container hardening
- Knowledge of secure coding best practices for Java, web applications, scripting
- Strong understanding of networking concepts and Information Security, including emerging threats and attack methodologies
- Solid ability to analyze threat actor TTPs at a highly detailed level
- Desire to be a continuous learner and pursue self-improvement opportunities
This job posting will close on Thursday May 6th 2021.
Industry and on-the-job training is provided for all roles at Verafin.
Verafin places a high value on building a diverse team; candidates of all backgrounds are encouraged to apply.
Please note: we frequently see our jobs posted on job aggregators, which are essentially search engines for jobs. Generally those sites ask you to use their sites to apply for the posted job and they do not send us the application. As a reminder, the only way to apply for a job with Verafin is on our site www.verafin.com/careers. We look forward to reviewing your application.