Crane Company is seeking an Information Security professional to join its Global Information Security Team. This role involves supporting the company’s global information security program through exploitative testing for context-based risk analysis. The ideal candidate will possess proficiency in penetration testing methodologies and platforms, scripting and programming used for security testing, attacker tradecraft, and a strong understanding of system and network administration. Prior experience in offensive security is required.
In this role, the successful candidate will collaborate closely with other Global Information Security team members, both in offensive operations and collaborative purple-team scenarios involving the SOC. This collaboration will involve testing the company’s defenses, assisting in planning exercises, and guiding the overall approach to mitigating risk and addressing security gaps.
Responsibilities and Duties:
Perform security reviews of enterprise systems, applications, and networks in coordination with local technology and security teams to ensure effective application of security controls
Evaluate systems and security processes to identify vulnerabilities, misconfigurations, and exploitation vectors
Participate in and support vulnerability management processes
Manage projects, holding teams and team members accountable
Conduct production-safe exploitation of suspected software and hardware vulnerabilities to demonstrate business impact
Perform periodic network traffic analysis
Plan and develop penetration test methodologies, automations, and schedules
Create reports and remediation recommendations based on findings
Present findings and risks to both technical and non-technical audiences
Provide business and data intelligence to support threat analysis
Consume and triage cyber threat intelligence to provide current industry-related risk context
Collaborate with business and technology managers to improve data protection processes and procedures
Engage with vendors and third parties in security testing development and execution
Manage and review attack surface, assigning and delegating remediation actions to the Business
Participate effectively in data governance and risk compliance planning
Raise incidents involving potential data loss or threats to data
Report and provide metrics to support program objectives
Qualifications and Competencies:
Minimum 5 years of work experience in penetration testing & application security testing
Strong understanding of Linux and Windows administration
Experience in performing security assessments using common offensive security tools such as Metasploit, NetExec, Impacket, Nmap, Burp Suite, and Pretender
Knowledge of command-and-control technologies and overlay networking
Experience in crafting spear-phishing playbooks and initial access packages
Proficiency in PowerShell, Perl, Ruby, Python, Go, Rust, Java, or other language(s) to create penetration testing solutions
Foundational knowledge of, and experience with, administering enterprise-level Information Technology systems including networks, virtualization, cloud, operating systems, Active Directory, etc.
Experience with Attack Surface Management tools and processes
Ability to work both independently and as part of a small, distributed team
Experience in Breach/Attack simulations and tabletop exercises
Flexibility to work outside regularly scheduled/normal business hours as required
Commitment to security training and earning corresponding certifications
Highly motivated and self-directed
Excellent verbal and written communication skills
Passion for solving complex problems and a drive for continuous learning
Ability to prioritize, schedule and track to deadlines
Required: Degree in a related field or at least 5 years relevant professional experience
Desired: Technical professional security certification such as OSCP, GPEN, or similar
US Person as defined under EAR Part 772 and ITAR 120.15
This description has been designed to indicate the general nature and level of work being performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job.
Crane Company is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of race, color, religion, gender, sexual orientation, general identity, national origin, disability or veteran status.