Job Description
INFOSEC
What We Do
Keep Epic's networks, hardware, and people safe from security risks. Install security measures and operate software to protect systems and information infrastructure, including firewalls and encryption programs. Document issues as they arise and assess & report any impact caused.
What You'll Do
As the Senior Manager of Offensive Security, you will have the opportunity to help mature and drive our Application Security, Offensive Security, and Vulnerability Management teams within the Information Security department to help deliver security services to the Epic enterprise.
In this role, you will
• Lead our Application Security, Offensive Security, and Vulnerability Management teams
• Develop and maintain a long-term strategic plans based on operational lessons learned and Threat Intelligence inputs
• Organize assessments and penetration testing against a multitude of targets, including workstations, servers, web applications/services, networks and games
• Define, document, and manage a framework for Security assessment work
• Manage our Bug Bounty Program
• Drive our shift left approach towards Security Empowerment
• Evangelize SSDLC practices across the organization
What we're looking for
• 7+ years experience specific to offensive security, red team, ethical hacking, and vulnerability management activities
• 5+ years managing Application Security, Offensive Security and Vulnerability Management teams
• Demonstrated experience with: threat modeling, application security, penetration testing, vulnerability management, and security consulting for application and/or infrastructure type projects
• Experience with industry standard infrastructure and application assessment tools
• Offensive security certification (OSCP, OSCE/OSCE3, GPEN, GWAPT) is a plus
• Knowledge of Secure Coding and Application Security frameworks (OWASP, SANS SWE, CERT Secure Coding) is a plus
Note to Recruitment Agencies: Epic does not accept any unsolicited resumes or approaches from any unauthorized third party (including recruitment or placement agencies) (i.e., a third party with whom we do not have a negotiated and validly executed agreement). We will not pay any fees to any unauthorized third party. Further details on these matters can be found here.
Jobcode: Reference SBJ-6kqzw8-18-119-255-198-42 in your application.