Senior Red Team Engineer III

Berkadia Commercial Mortgage, LLC seeks a Senior Red Team Engineer III (Ambler, PA) to manage and conduct internal penetration tests on mission-critical internal web applications, including network scanning, footprinting, fingerprinting, process enumeration, exploitation, escalation, and exfiltration. Document the results of all findings of internal penetration tests, providing evidence/POC (Proof of Concept) for each finding and how to replicate the results of each finding. Publish the results of internal penetration tests into our Vulnerability Management platform, track the progress of ongoing remediations, and provide technical assistance where needed. Build and publish reports showing the following: quarterly, monthly, and yearly internal penetration testing findings and remediation data MTTR (Mean Time to Remediation) compliance metrics; applications to be tested and historical data going back 12 months; and YoY trend data for each application tested. Maintain the penetration testing environment, including deploying Kali Linux (or another penetration testing operating system) to a secure jump-box location within the network and maintaining it. Maintain and update internal penetration testing documentation, ensuring that it is up to date with best practices. Provide quarterly updates to our CRM (Cyber Risk Management) team regarding our compliance with NIST (National Institute of Standards and Technology) pen testing frameworks. Lead efforts with development teams to ensure that Berkadia Web Applications are implementing all required HTTP security headers. Manage and maintain all WAF (Web Application Firewall) policies and updates. Be a technical subject matter expert to mentor more junior engineers working on vulnerability remediations.

REQUIREMENTS: Bachelor’s degree, or foreign equivalent, in Electronics Engineering, Computer Science, Information Technology, or closely related field. Must have (4) years of experience conducting internal penetration tests from start to end including documentation and remediations of all findings using Metasploit, BurpSuite, Kali Linux, and nmap.

Of the (4) years, must have the following:

  • (2) years’ experience maintaining modern cloud infrastructures in AWS and Azure environments including experience with Terraform;
  • (2) years’ experience in Agile development, including Python and Bash;
  • (2) years’ experience managing and deploying Docker container-based assets using Kubernetes;
  • (2) years’ experience utilizing TCP/IP networking both on-premises and in a cloud-based environment including network and web application firewall configuration.

Remote work available up to 3 days per week at employer discretion. Must live within commuting distance of Ambler, PA.

Be Part of Building the Next. Be Berkadia.

Berkadia, as an equal opportunity employer, celebrates our employees’ unique differences, which we believe drives personal and company-wide innovation and creates a people-first culture where your career can take the long view. To achieve these goals, we are committed to the full inclusion of all qualified individuals, without regard to race, religion, age, color, national origin, gender, sexual orientation, gender identity or expression, marital status, domestic partner status, military and veteran status, disability, pregnancy, parental status, genetic information, political affiliation, or any other status protected by federal, state and local laws.

In keeping with our commitment, Berkadia takes the necessary steps to provide a workplace free from harassment and discrimination, as well as access and reasonable accommodations for individuals with disabilities. If you require reasonable accommodation to take part in the interview process, please contact talentacquisition@berkadia.com.

You have rights under Federal and State employment laws. No question in this Application is intended to elicit information in violation of any such law, nor will any information obtained in response to any question be used in violation of any such law. If you apply for this role, you are acknowledging Berkadia's Application Policy and Berkadia's Privacy Policy. Please click the following links for more information about: EEOC, Employee Rights under the FMLA, EPPA.