Internal Job Description. <p style="text-align:justify"><span style="font-size:12px"><span style="color:#000000; font-family:Helvetica, sans-serif"><b><u>Role Value Proposition</u></b></span></span></p> <p style="text-align:justify"><span style="font-size:12px"><span style="background:white"><span style="font-family:Calibri,sans-serif"><span style="color:black">The Global Application Security team in MetLife’s IT Risk & Security organization plays a critical role in ensuring the security of MetLife’s applications assets while protecting customer and MetLife data. Application security is a top area of focus at MetLife. We have incorporated key industry security best practices, technologies, and integrated operating models to further strengthen our defense posture. This is an exciting time to join MetLife’s Global Application Security team as we are continuing to expand the team and invest in new capabilities. The Cyber Security Threat Hunter will assist leadership on a variety of application security focused initiatives and promote close collaboration with key global stakeholders. This is a hands-on technical role.</span></span></span></span></p> <p style="text-align:justify"> </p> <p style="text-align:justify"><span style="font-size:12px"><span style="background:white"><span style="font-family:Calibri,sans-serif"><span style="font-family:"Helvetica",sans-serif"><span style="color:black"><b><u>Key Responsibilities:</u></b></span></span></span></span></span></p> <ul> <li style="text-align:justify"><span style="font-size:12px"><span style="background:white"><span style="font-family:Calibri,sans-serif"><span style="color:black">Perform Web and Mobile Application Ethical Hacking, threat assessments, Web Services penetration testing (RESTful and SOAP) using both automated and manual techniques.</span></span></span></span></li> <li style="text-align:justify"><span style="font-size:12px"><span style="background:white"><span style="font-family:Calibri,sans-serif"><span style="color:black">Maintain knowledge of adversary Tactics, Techniques and Procedures (TTP), assess critical cybersecurity incidents and review detective/preventive controls across each stage of the Cyber Kill Chain.</span></span></span></span></li> <li style="text-align:justify"><span style="font-size:12px"><span style="background:white"><span style="font-family:Calibri,sans-serif"><span style="color:black">Implement Application/Website inventory controls to support continuous monitoring of MetLife’s attack surface, identify threats, prioritize remediation, and report potential risks to the organization. </span></span></span></span></li> <li style="text-align:justify"><span style="font-size:12px"><span style="background:white"><span style="font-family:Calibri,sans-serif"><span style="color:black">Develop internal knowledge base, threat metrics, remediation progress tracking and MITRE ATT&CK patterns.</span></span></span></span></li> <li style="text-align:justify"><span style="font-size:12px"><span style="background:white"><span style="font-family:Calibri,sans-serif"><span style="color:black">Support MetLife’s global application security program, initiatives, and activities with a primarily focus on discovering, documenting, assessing, and reporting Cyber Security threats to the organization.</span></span></span></span></li> </ul> <p style="text-align:justify"> </p> <p style="text-align:justify"><span style="font-size:12px"><span style="background:white"><span style="font-family:Calibri,sans-serif"> <b><u><span style="font-family:"Helvetica",sans-serif"><span style="color:black">Essential Business Experience and Technical Skills:</span></span></u></b></span></span></span></p> <p style="text-align:justify"><span style="font-size:12px"><span style="background:white"><span style="font-family:Calibri,sans-serif"> <b><span style="color:#333333">Required:</span></b></span></span></span></p> <ul> <li><span style="font-size:12px"><span style="background:white"><span style="font-family:Calibri,sans-serif"><span style="color:#333333">7+ years of proactive experience in one or more of the following roles: Ethical Hacker, Cyber Threat Analyst/Hunter, SOC Analyst/Consultant or Application Security Vulnerability Management.</span></span></span></span></li> <li><span style="font-size:12px"><span style="background:white"><span style="font-family:Calibri,sans-serif"><span style="color:black">Hands on experience assessing Cyber Security threats, threat actors, trends in adversary activities, attack vectors, emerging industry risks and effective application/website security countermeasures. </span></span></span></span></li> <li><span style="font-size:12px"><span style="background:white"><span style="font-family:Calibri,sans-serif"><span style="color:black">Emulate adversary tactics, techniques, and procedures (TTPs) to validate security controls efficacy and continuous threat monitoring of MetLife’s global attack surface.</span></span></span></span></li> <li><span style="font-size:12px"><span style="background:white"><span style="font-family:Calibri,sans-serif"><span style="color:#333333">Must be highly analytical, articulate, excellent communication and strong presentation skills with the ability to present threats/risks to Non-Technical audiences (in a business context).</span></span></span></span></li> <li><span style="font-size:12px"><span style="background:white"><span style="font-family:Calibri,sans-serif"><span style="color:#333333">BA/BS required with major in related field strongly preferred</span></span></span></span></li> </ul> <p style="text-align:justify"><span style="font-size:12px"><span style="background:white"><span style="font-family:Calibri,sans-serif"><b><span style="color:#333333">Preferred:</span></b></span></span></span></p> <ul> <li><span style="font-size:12px"><span style="background:white"><span style="font-family:Calibri,sans-serif"><span style="color:#333333">GIAC Penetration Tester (GPEN), GIAC Certified Incident Handler (GCIH), GIAC Certified Forensics Analyst (GCFA), Certified Ethical Hacker (CEH), Offensive Security OSCP, OSWE, OSCE, or LPT certifications</span></span></span></span></li> <li><span style="font-size:12px"><span style="background:white"><span style="font-family:Calibri,sans-serif"><span style="color:#333333">Prior experience in application development (including Mobile), SDLC processes and source code security testing (code quality assurance) preferred</span></span></span></span></li> </ul> <p class="GSPNormal" style="text-align:justify"> </p> <p class="GSPNormal" style="text-align:justify"><span style="font-size:12px"><span style="font-family:"Times New Roman",serif"><b><u><span style="font-family:"Calibri",sans-serif">Salary Grade</span></u></b></span></span></p> <p class="GSPNormal" style="text-align:justify"><span style="font-size:12px"><span style="font-family:Calibri, sans-serif"><em>12T</em></span></span></p> <p class="GSPNormal" style="text-align:justify"> </p> <p class="GSPNormal" style="text-align:justify"><span style="font-size:12px"><span style="font-family:"Times New Roman",serif"><b><u><span style="font-family:"Calibri",sans-serif">Business Category</span></u></b></span></span></p> <p class="GSPNormal" style="text-align:justify"><span style="font-size:12px"><span style="font-family:"Times New Roman",serif"><em><span style="font-family:"Calibri",sans-serif">Information Security</span></em></span></span></p> <p class="GSPNormal" style="text-align:justify"> </p> <p class="GSPNormal" style="text-align:justify"><span style="font-size:12px"><span style="font-family:"Times New Roman",serif"><b><u><span style="font-family:"Calibri",sans-serif">Number of Openings</span></u></b></span></span></p> <p class="GSPNormal" style="text-align:justify"><span style="font-size:12px"><span style="font-family:"Times New Roman",serif"><em><span style="font-family:"Calibri",sans-serif">1</span></em></span></span></p> <p class="GSPNormal" style="text-align:justify"> </p> <p class="GSPNormal" style="text-align:justify"><span style="font-size:12px"><span style="font-family:"Times New Roman",serif"><b><u><span style="font-family:"Calibri",sans-serif">Contact Information</span></u></b></span></span></p> <p class="GSPNormal" style="text-align:justify"><span style="font-size:12px"><span style="font-family:"Times New Roman",serif"><em><span style="font-family:"Calibri",sans-serif">Jon Hesselink</span></em></span></span></p> <p class="GSPNormal" style="text-align:justify"> </p> <p class="GSPNormal" style="text-align:justify"><span style="font-size:12px"><span style="font-family:"Times New Roman",serif"><b><u><span style="font-family:"Calibri",sans-serif">Hiring Manager</span></u></b></span></span></p> <p class="GSPNormal" style="text-align:justify"><span style="font-size:12px"><span style="font-family:"Times New Roman",serif"><span style="font-family:"Calibri",sans-serif">Brett Venson</span></span></span></p> <p class="GSPNormal" style="text-align:justify"> </p> <p class="GSPNormal" style="text-align:justify"><span style="font-size:12px"><span style="font-family:"Times New Roman",serif"><b><u><span style="font-family:"Calibri",sans-serif">Employee Referral Award</span></u></b></span></span></p> <p class="GSPNormal" style="text-align:justify"><span style="font-size:12px"><span style="font-family:"Times New Roman",serif"><span style="font-family:"Calibri",sans-serif">$1,500</span></span></span></p> <p class="GSPNormal" style="text-align:justify"> </p> <p align="left" class="GSPNormal" style="text-align:left"><span style="font-size:12px"><span style="font-family:"Times New Roman",serif"><b><span style="font-family:"Calibri",sans-serif">At MetLife, we’re leading the global transformation of an industry we’ve long defined. United in purpose, diverse in perspective, we’re dedicated to making a difference in the lives of our customers.</span></b></span></span></p>
Role Value Proposition
The Global Application Security team in MetLife’s IT Risk & Security organization plays a critical role in ensuring the security of MetLife’s applications assets while protecting customer and MetLife data. Application security is a top area of focus at MetLife. We have incorporated key industry security best practices, technologies, and integrated operating models to further strengthen our defense posture. This is an exciting time to join MetLife’s Global Application Security team as we are continuing to expand the team and invest in new capabilities. The Cyber Security Threat Hunter will assist leadership on a variety of application security focused initiatives and promote close collaboration with key global stakeholders. This is a hands-on technical role.
Key Responsibilities:
Perform Web and Mobile Application Ethical Hacking, threat assessments, Web Services penetration testing (RESTful and SOAP) using both automated and manual techniques.
Maintain knowledge of adversary Tactics, Techniques and Procedures (TTP), assess critical cybersecurity incidents and review detective/preventive controls across each stage of the Cyber Kill Chain.
Implement Application/Website inventory controls to support continuous monitoring of MetLife’s attack surface, identify threats, prioritize remediation, and report potential risks to the organization.
Support MetLife’s global application security program, initiatives, and activities with a primarily focus on discovering, documenting, assessing, and reporting Cyber Security threats to the organization.
Essential Business Experience and Technical Skills:
Required:
7+ years of proactive experience in one or more of the following roles: Ethical Hacker, Cyber Threat Analyst/Hunter, SOC Analyst/Consultant or Application Security Vulnerability Management.
Hands on experience assessing Cyber Security threats, threat actors, trends in adversary activities, attack vectors, emerging industry risks and effective application/website security countermeasures.
Emulate adversary tactics, techniques, and procedures (TTPs) to validate security controls efficacy and continuous threat monitoring of MetLife’s global attack surface.
Must be highly analytical, articulate, excellent communication and strong presentation skills with the ability to present threats/risks to Non-Technical audiences (in a business context).
BA/BS required with major in related field strongly preferred
Prior experience in application development (including Mobile), SDLC processes and source code security testing (code quality assurance) preferred
Listing Details
Salary:
$125000 - $150000
Citizenship:
Not Provided
Incentives:
Bonus
Education:
Bachelors Degree
Travel:
No Travel
Telework:
Full Telecommute
About Us
NinjaJobs is a community-run job platform developed by information security professionals. Our unique approach of focusing strictly on cybersecurity positions allows us to personalize the user experience.
Useful Links
Our Contacts
1765 Greensboro Station Pl. Suite 900 Tysons Corner Va 22102