Adversary Simulation Specialist
Description:
LyondellBasell (NYSE: LYB): As a leader in the global chemical industry, LyondellBasell strives every day to be the safest, best operated and most valued company in our industry. The company’s products, materials and technologies are advancing sustainable solutions for food safety, access to clean water, healthcare and fuel efficiency in more than 100 international markets. LyondellBasell places high priority on diversity, equity and inclusion and is Advancing Good with an emphasis on our planet, the communities where we operate and our future workforce. The company takes great pride in its world-class technology and customer focus. LyondellBasell has stepped up its circularity and climate ambitions and actions to address the global challenges of plastic waste and decarbonization. For more information, please visit or follow @LyondellBasell on LinkedIn.
Basic Function
The Adversary Simulation Specialist will be responsible for testing and evaluating the security of a LyondellBasell’s networks, systems, and applications. This role involves conducting application assessments, vulnerability assessments, penetration testing, and ethical hacking to identify and exploit vulnerabilities to improve the organization's security posture. The individual will also perform adversarial emulation and simulated attacks to test security controls and identify potential vulnerabilities in the environment.
Travel: 10%
Roles & Responsibilities
Identify and mimic the tactics, techniques and procedures of threat actors or threat groups, and the campaigns they execute against similar organizations or industries
Conduct research, penetration testing, application and vulnerability assessments on external-facing resources and internal assets to determine risks
Deliver key findings and improvement suggestions to determine if systems and infrastructure are properly tooled and resourced to defend against sophisticated attackers
Research and integrate tools, processes, and techniques to improve vulnerability analysis, forensics capabilities, network and data security, and threat management
Produce assessments on cyber threats, attacks, and external incidents
Create written and verbal products for internal stakeholders to assist in proactively addressing cyber threats and mitigating risk
Participate in threat hunting activities and incident response, as needed
Stay current with the latest offensive security trends and techniques, including new exploits and vulnerabilities
Continuously evaluate and improve the organization's offensive security program
Collaborate with other members of the security team, such as Cyber Threat Intelligence team, incident responders, threat hunters and security analysts, to identify and mitigate threats
Min. Qualifications
BE or equivalent degree
5+ years related experience in one or more of the following: offensive security, penetration testing, exploit development, cybersecurity
2+ years related experience in red/purple team
Effective communication skills in writing and speaking with an emphasis on report creation and sharing
Preferred Qualifications
Knowledge of advanced cyber threats, adversary methodologies, and cyber threat intelligence
Experience writing code in one or more programming language (Python, C, JavaScript, Java, etc.)
Related certifications such as the OSCP, OSEP, GPEN or CEH
3+ years of experience on coordination and execution of Web application, network, and system penetration tests with good understanding of OWASP TOP 10
Knowledge of MITRE ATT&CK and its use within the cybersecurity community (e.g., open-source projects)
Experience with encryption protocols (i.e., SSL/TLS) and algorithms (RSA, AES, etc.)
Expertise on application security including web application penetration testing, debugging, and reverse engineering
Experience in red teaming, penetration testing, exploitation
Experience in incident response (hunt), blue teaming, and purple teaming
Must be a strong technical leader in the analysis and communication of information security vulnerabilities and their risk to an enterprise
Good project management skills and familiarity with ensuring security-by-design inside of a System Development Life Cycle (SDLC) process, GitHub Advanced Security experience is recommended
Familiarity with attack emulation/penetration tools, Tenable Nessus, Kali Linux, Metasploit, Burp Suite, Cobalt Strike, etc.
Competencies
Collaborates
Cultivates innovation
Customer focus
Demonstrates courage
Drives results
Ensures accountability
Instills trust and exemplifies integrity
We are LyondellBasell – a leader in the global chemical industry creating solutions for everyday sustainable living. Through advanced technology and focused investments, we are enabling a circular and low carbon economy. Across all we do, we aim to champion our employees, and unlock value for customers, investors and society. LyondellBasell places high priority on diversity, equity and inclusion and is strongly committed to our planet, the communities where we operate and our future workforce. As one of the world’s largest producers of polymers and a leader in polyolefin technologies, we develop, manufacture and market high-quality and innovative products for applications ranging from sustainable transportation and food safety to clean water and quality healthcare. For more information, please visit or follow @LyondellBasell on LinkedIn.