Who we are
American International Group, Inc. (AIG) is a leading global insurance organization. Building on 100 years of experience, today AIG member companies provide a wide range of property casualty insurance, life insurance, retirement solutions, and other financial services to customers in more than 80 countries and jurisdictions.
These diverse offerings include products and services that help businesses and individuals protect their assets, manage risks and provide retirement security.
The Red Team Engineer is an integral part of the Information Security Team. He/she will be someone who would:
- Utilize playbooks for penetration testing techniques, methodologies, and Breach and Attack simulations. This should include both collaborative and individual work efforts.
- Reference process documentation when executing penetration testing techniques and methodologies.
- Execute manual security assessments on a wide range of IT systems and products with a specific focus on circumventing and exploiting weaknesses in AIG technologies, processes, and personnel security controls to keep the company ahead of threat actors.
- Execute Proof-of-Concept penetration testing on proposed technologies for the enterprise.
- Perform thorough scoping and planning before conducting security reviews.
- Clearly document the scope of work, attack scenarios, findings, and evidence in the report.
- Keep up to date with application security trends including information security news, application security services, tools, latest breaches, patch updates, etc.
- Identify detection and mitigation opportunities for IT partners to mitigate identified exploits and improve overall security posture.
- Partner with defensive team counterparts in various exercises and to enhance security across the enterprise.
- Provide debriefs of operations, vulnerabilities, concerns, and opportunities to leadership.
Key responsibilities for this role, include but are not limited to
- Operate breach and attack scenarios by executing tactics, techniques, and procedures to simulate/emulate insurance and financial industry threat actors attacking key operating systems, applications, and networking defenses to ensure compliance with information security policies and adherence to best practices.
- In turn, these operations will be used to identify weaknesses and exploit them to derive vulnerability severities by analyzing impact and ease of exploit. Contribute to the creation of guidance and recommendations to leadership.
- Review and analyze advanced computer security incident response activities and technical investigations of information security-related incidents.
- Utilize complex hacking tools, create proof of concept exploits to mimic attackers, and document attack chains to ensure that they are well understood and can be recreated.
- Provide guidance to Information Security Engineers, other security personnel, internal technical staff (including developers, operating system administrators, and network staff), as well as leadership.
- Document and report actions on technical assessments and penetration tests. These may include identifying risks, vulnerabilities, and improvement recommendations. Share and present testing results with senior leadership.
- Perform research on emerging threats and cyber security risks. Assist with critical information security initiatives (e.g. validation testing, proof-of-concept participation, and process design).
What we are looking for
Ideally, the successful candidate will have working knowledge and the ability to demonstrate hands-on experience with the following technologies:
- Strong understanding of application security weaknesses for various technologies including web applications, databases, and multi-tier applications.
- Strong understanding of Cloud architecture and security controls.
- Experience penetration testing in global environments with various legal and regulatory requirements.
- Strong understanding of security circumvention tools and techniques.
- Experience with using application security testing tools such as Burp Suite, OWASP ZAP, Appscan, Responder, Metasploit, PowerSploit, etc.
- Ability to review source code and explain mitigation controls within source code for languages including, JAVA, C, CGI, PHP, HTML, and AJAX.
- Understanding of various application development principles with a focus on Agile software development.
- Ability to review, modify and create scripts for automated testing techniques using languages such as Bash, Python, Go, Powershell, etc.
- Understanding of how various security capabilities are designed and how they function together in a heterogeneous environment.
- Ability to converse with technical security staff as well as business executives.
- Up-to-date knowledge of the security landscape pertaining to new technologies.
- Ability to positively influence the behavior of peers and build relationships with other teams.
- Self-starter, ability to work independently with minimal supervision and as part of a team.
- CISSP, GIAC GSSP, CEH, OSCP, and/or OSCE are ideal.
- 3+ years of experience in red teaming, penetration testing, etc.
- Active or previously held Security Clearance preferred.
The job can only be performed in the state location(s) listed.
A look at our benefits
At AIG, we have a 100-year legacy of working to make the world a better place. And that begins with our employees. We’re proud to offer a range of employee benefits and resources that help you protect what matters most – your health care, savings, financial protection, and wellbeing.
We provide a variety of leaves for personal, health, family, and military needs. For example, the “Giving Back” program allows you to take up to 16 hours a year to volunteer in your community.
We also believe in fostering our employees’ development and offer a range of learning opportunities for employees to hone their professional skills to position themselves for the next steps of their careers.
AIG also has a tuition reimbursement program for eligible employees to enhance their education, skills, and knowledge in areas that relate to their current position or future positions to which they may transfer or progress.