Offensive Security Engineer

At U.S. Bank, we're on a journey to do our best. Helping the customers and businesses we serve to make better and smarter financial decisions and enabling the communities we support to grow and succeed. We believe it takes all of us to bring our shared ambition to life, and each person is unique in their potential. A career with U.S. Bank gives you a wide, ever-growing range of opportunities to discover what makes you thrive at every stage of your career. Try new things, learn new skills and discover what you excel at-all from Day One.

Job Description

Performs the daily operation and execution of offensive security-related tools, processes and controls related to offensive cyber initiatives. Performs a variety of ethical hacking activities against the technical security controls and systems. Helps coordinate and deliver remediation items of identified risks and control deficiencies. Looks for ways to optimize security processes and recommend opportunities and solutions for improvement and automation. Serves as technical and function subject matter expert across multiple security domain areas, raising awareness and communicating security risks within the company. Supports and participates in technical investigations and training opportunities as needed.

The role offers a hybrid/flexible schedule, which means there's an in-office expectation of 3 or more days per week and the flexibility to work outside the office location for the other days at one of the following locations:

• Cincinnati, OH

Responsibilities:

Conduct Threat Emulation

Conduct innovative research in cyber security

Conduct active offensive and/or adversarial operations

Conduct physical security assessments

Develop custom tooling in support of Red Team operations

Develop in-depth findings reports

Document the impact and severity of attack chains to be presented to the lines of business

Act as a subject matter expert to convey technical details on attacks to the blue teams

Basic Qualifications:

• Bachelor's degree in Engineering or Science, or equivalent work experience
• Five or more year of experience in information security, with a background in offensive security

Preferred Skills/Experience:

• Previous Red Team experience or expertise in Red Team operations/assessments
• Experience in writing proof-of-concept exploits and creating custom payloads and modules for common (post)exploitation frameworks and tools
• Well versed with security tools & C2 frameworks such as Cobalt Strike, Metasploit, Mythic, Sliver etc.
• Proficiency in defeating endpoint security and controls (A/V, EDR, XDR, etc.) in support of Red Team operations.
• Proficiency in one or more coding/scripting language. (E.g., Perl, Python, PowerShell, Shell Scripting, C/C#/C++, golang, etc.)
• Knowledge and experience with web-based application attacks
• Experience utilizing and maintaining infrastructure as code
• Previous experience performing "purple-team" activities
• Working knowledge of IT environment including service-oriented and IT architecture, industry trends and direction, system and technology integration, and IT standards, procedures and policies, and emerging technologies
• Extensive knowledge of technical troubleshooting
• Working knowledge of information security architecture, security technologies, administration, audits, and network and internet security
• Working proficiency of various offensive security tools
• Ability to work cooperatively and professionally with co-workers, customers, and management
• Strong verbal and written communication skills
• Significant experience identifying security vulnerabilities for the company's networks, application systems, hardware infrastructure and emerging technologies to improve the enterprise information security posture
• Ability to present complex material in a digestible, consumable manner to all levels of management
• Strong ability to create proof of concepts from discovered potential vulnerabilities
• Ability to manage complex security scenarios and develop innovative solutions to address the most recent cyber threats

If there's anything we can do to accommodate a disability during any portion of the application or hiring process, please refer to our disability accommodations for applicants.

Benefits:

Our approach to benefits and total rewards considers our team members' whole selves and what may be needed to thrive in and outside work. That's why our benefits are designed to help you and your family boost your health, protect your financial security and give you peace of mind. Our benefits include the following (some may vary based on role, location or hours):

• Healthcare (medical, dental, vision)
• Basic term and optional term life insurance
• Short-term and long-term disability
• Pregnancy disability and parental leave
• 401(k) and employer-funded retirement plan
• Paid vacation (from two to five weeks depending on salary grade and tenure)
• Up to 11 paid holiday opportunities
• Adoption assistance
• Sick and Safe Leave accruals of one hour for every 30 worked, up to 80 hours per calendar year unless otherwise provided by law

U.S. Bank is an equal opportunity employer. We consider all qualified applicants without regard to race, religion, color, sex, national origin, age, sexual orientation, gender identity, disability or veteran status, and other factors protected under applicable law.

E-Verify

U.S. Bank participates in the U.S. Department of Homeland Security E-Verify program in all facilities located in the United States and certain U.S. territories. The E-Verify program is an Internet-based employment eligibility verification system operated by the U.S. Citizenship and Immigration Services. Learn more about the E-Verify program.

The salary range reflects figures based on the primary location, which is listed first. The actual range for the role may differ based on the location of the role. In addition to salary, U.S. Bank offers a comprehensive benefits package, including incentive and recognition programs, equity stock purchase 401(k) contribution and pension (all benefits are subject to eligibility requirements). Pay Range: $111,605.00 - $131,300.00 - $144,430.00

U.S. Bank will consider qualified applicants with arrest or conviction records for employment. U.S. Bank conducts background checks consistent with applicable local laws, including the Los Angeles County Fair Chance Ordinance and the California Fair Chance Act as well as the San Francisco Fair Chance Ordinance. U.S. Bank is subject to, and conducts background checks consistent with the requirements of Section 19 of the Federal Deposit Insurance Act (FDIA). In addition, certain positions may also be subject to the requirements of FINRA, NMLS registration, Reg Z, Reg G, OFAC, the NFA, the FCPA, the Bank Secrecy Act, the SAFE Act, and/or federal guidelines applicable to an agreement, such as those related to ethics, safety, or operational procedures.

Applicants must be able to comply with U.S. Bank policies and procedures including the Code of Ethics and Business Conduct and related workplace conduct and safety policies.

Posting may be closed earlier due to high volume of applicants.