The Global Application Security team in MetLife’s IT Risk & Security organization plays a critical role in ensuring the security of MetLife’s applications assets while protecting customer and MetLife data. Application security is a top area of focus at MetLife. We have incorporated key industry security best practices, technologies, and integrated operating models to further strengthen our defense posture. This is an exciting time to join MetLife’s Global Application Security team as we are continuing to expand the team and invest in new capabilities. The Cyber Security Threat Hunter will assist leadership on a variety of application security focused initiatives and promote close collaboration with key global stakeholders. This is a hands-on technical role.
- Maintain knowledge of adversary Tactics, Techniques and Procedures (TTP), assess critical cybersecurity incidents and review detective/preventive controls across each stage of the Cyber Kill Chain.
- Support MetLife’s global application security program, initiatives, and activities with a primarily focus on discovering, documenting, assessing, and reporting Cyber Security threats to the organization.
- Perform Web and Mobile Application Ethical Hacking, threat assessments, Web Services penetration testing (RESTful and SOAP) using both automated and manual techniques.
- Deploy and operationalize Runtime Application Self Protection (RASP) technologies.
- Implement Application/Website inventory controls to support continuous monitoring of MetLife’s attack surface, identify threats, prioritize remediation, and report potential risks to the organization.
- Develop internal knowledge base, threat metrics, remediation progress tracking and MITRE ATT&CK patterns.
- Proficiency with the Go programming language preferred
- Must be highly analytical, articulate, excellent communication and strong presentation skills with the ability to present threats/risks to Non-Technical audiences (in a business context).
- Emulate adversary tactics, techniques, and procedures (TTPs) to validate security controls efficacy and continuous threat monitoring of MetLife’s global attack surface.
Qualification & Experience:
- Prior experience in application security testing and OSI Layer 7 analysis
- Hands on experience assessing Cyber Security threats, threat actors, trends in adversary activities, attack vectors, emerging industry risks and effective application/website security countermeasures.
- Burp Suite Certified preferred
- GIAC Penetration Tester (GPEN), GIAC Certified Incident Handler (GCIH), GIAC Certified Forensics Analyst (GCFA), Certified Ethical Hacker (CEH), Offensive Security OSCP, OSWE or OSCE certifications preferred
- At least seven years of proactive experience in one or more of the following roles: Ethical Hacker, Cyber Threat Analyst/Hunter, SOC Analyst
Vacancy Type: Full Time
Job Location: Cary, NC, US
Application Deadline: N/A