Description

Summary:
The Cybersecurity Red Team Analyst - Principal will plan and direct efforts in developing and testing tools, tactics, and procedures to emulate adversarial threats actively in use targeting the financial services industry and leads the employment of these tools in the Huntington environment. This capability provides Huntington with a means of testing security controls for effectiveness, discovering gaps in controls, and validating viability of threats for more effective prioritization of risks. The principle role will also assist the Red Team manager in assessing and developing team capabilities.

Duties & Responsibilities:

• Develop and test threat actor emulation tools, tactics, and procedures for the Red Team to employ on-demand for assessments of security controls for application, systems, and network.
• Partner with threat intelligence team to ensure Red Team capabilities and tactics accurately emulate the current threat landscape.
• Consult with cross-functional teams in project testing phases to ensure controls are in place to remediate threats and test controls as appropriate.
• Consult with cross-functional teams for architectural design and review sessions to ensure controls are in place to remediate threats and test controls as appropriate.
• Coordinate and monitor 3rd-party penetration testing engagement staff to ensure engagements meet all requirements with appropriate communications and timely and accurate reporting of results.
• Assess, train, and develop Red team members.
• Partner in developing remediation plans for findings through coordination with cross-functional teams for various application and technology system owners.
• Other duties as assigned.

Basic Qualifications:

• 7-10+ years of Cyber Security experience.
• 5-7+ years of Penetration testing/Red team experience.
• Associate's degree or 4+ additional years of equivalent experience.

Preferred Qualifications:

• Experience developing AI red team and/or AI threat emulation capabilities
• Ability to evaluate 3rd party AI red team and/or AI threat emulation capabilities
• Expert understanding of security architecture and tools
• Expert understanding of Threat Actors and their tactics, techniques, and procedures
• Advanced experience with Security Assessment Toolsets
• Advanced experience in automation and scripting of applications and systems
• Expert knowledge of relational databases and structured query language
• Expert knowledge of client/server relationships and multi-tier environments
• OSCP, GPEN, OSCE, GCIH, GXPN
• Ability to communicate clearly and concisely

Exempt Status: (Yes = not eligible for overtime pay) (No = eligible for overtime pay)

Workplace Type:

Our Approach to Office Workplace Type

Certain positions outside our branch network may be eligible for a flexible work arrangement. We’re combining the best of both worlds:  in-office and work from home. Our approach enables our teams to deepen connections, maintain a strong community, and do their best work. Remote roles will also have the opportunity to come together in our offices for moments that matter. Specific work arrangements will be provided by the hiring team.

Huntington is an Equal Opportunity Employer.

Tobacco-Free Hiring Practice: Visit Huntington's Career Web Site for more details.

Note to Agency Recruiters:  Huntington Bank will not pay a fee for any placement resulting from the receipt of an unsolicited resume.  All unsolicited resumes sent to any Huntington Bank colleagues, directly or indirectly, will be considered Huntington Bank property. Recruiting agencies must have a valid, written and fully executed Master Service Agreement and Statement of Work for consideration.