Adversary Simulation Specialist
Description:
LyondellBasell (NYSE: LYB): As a leader in the global chemical industry, LyondellBasell strives every day to be the safest, best operated and most valued company in our industry. The company’s products, materials and technologies are advancing sustainable solutions for food safety, access to clean water, healthcare and fuel efficiency in more than 100 international markets. LyondellBasell places high priority on diversity, equity and inclusion and is Advancing Good with an emphasis on our planet, the communities where we operate and our future workforce. The company takes great pride in its world-class technology and customer focus. LyondellBasell has stepped up its circularity and climate ambitions and actions to address the global challenges of plastic waste and decarbonization. For more information, please visit or follow @LyondellBasell on LinkedIn.yondellBasell
Basic Function
The Adversary Simulation Specialist will be responsible for testing and evaluating the security of a LyondellBasell’s networks, systems, and applications. This role involves conducting application assessments, vulnerability assessments, penetration testing, and ethical hacking to identify and exploit vulnerabilities to improve the organization's security posture. The individual will also perform adversarial emulation and simulated attacks to test security controls and identify potential vulnerabilities in the environment.
Roles & Responsibilities
Identify and mimic the tactics, techniques and procedures of threat actors or threat groups, and the campaigns they execute against similar organizations or industries
Conduct research, penetration testing, application and vulnerability assessments on external-facing resources and internal assets to determine risks
Deliver key findings and improvement suggestions to determine if systems and infrastructure are properly tooled and resourced to defend against sophisticated attackers
Research and integrate tools, processes, and techniques to improve vulnerability analysis, forensics capabilities, network and data security, and threat management
Produce assessments on cyber threats, attacks, and external incidents
Create written and verbal products for internal stakeholders to assist in proactively addressing cyber threats and mitigating risk
Participate in threat hunting activities and incident response, as needed
Stay current with the latest offensive security trends and techniques, including new exploits and vulnerabilities
Continuously evaluate and improve the organization's offensive security program
Collaborate with other members of the security team, such as Cyber Threat Intelligence team, incident responders, threat hunters and security analysts, to identify and mitigate threats
Min. Qualifications
BS or equivalent experience
5+ years related experience in one or more of the following: offensive security, red teaming, penetration testing, exploit development, cybersecurity
Effective communication skills in writing and speaking with an emphasis on report creation and sharing
Preferred Qualifications
Knowledge of advanced cyber threats, adversary methodologies, and cyber threat intelligence
Experience writing code in one or more programming language (Python, C, JavaScript, Java, etc.)
Related certifications such as the OSCP, OSEP, GPEN or CEH
3+ years of experience on coordination and execution of Web application, network, and system penetration tests with good understanding of OWASP TOP 10
Knowledge of MITRE ATT&CK and its use within the cybersecurity community (e.g., open-source projects)
Experience with encryption protocols (i.e., SSL/TLS) and algorithms (RSA, AES, etc.)
Expertise on application security including web application penetration testing, debugging, and reverse engineering
Experience in red teaming, penetration testing, exploitation
Experience in incident response (hunt), blue teaming, and purple teaming
Must be a strong technical leader in the analysis and communication of information security vulnerabilities and their risk to an enterprise
Good project management skills and familiarity with ensuring security-by-design inside of a System Development Life Cycle (SDLC) process, GitHub Advanced Security experience is recommended
Familiarity with attack emulation/penetration tools, Tenable Nessus, Kali Linux, Metasploit, Burp Suite, Cobalt Strike, etc.#LI-MC1
Competencies
Collaborates
Cultivates innovation
Customer focus
Demonstrates courage
Drives results
Ensures accountability
Instills trust and exemplifies integrity
We Offer
We offer an environment where we encourage personal and professional growth and where you will be rewarded for your performance and results. You will have the possibility to work with specialist on all fields to develop innovative solutions and to extend your national and international network. In addition, we offer you a competitive salary and benefits package.
LyondellBasell is committed to advancing diversity, equity & inclusion (DEI) to ensure a positive experience for all employees.
Application & Contact
Please send us your resume via the application button
If you would like to learn more, please feel free to contact Martyna Piechowiak, Talent Acquisition Specialist at
#LI-MP1 #LI-Hybrid