Vice President, Security Remediation (Risk & Offensive TTPs)

No detailed description available.

• Identify vulnerabilities, exploit weaknesses, and challenge assumptions within security protocols
• Replace and extend current manual processes through automation or other appropriate techniques
• Develop and implement additional risk and performance metrics
• Design and supervise implementation of data quality controls and workflows
• Improve vulnerability discovery and risk-based prioritization models
• Collaborate on event management and treatment of emergent vulnerabilities
• Engage with peers in IT architecture and operations, security architecture, red team, effectiveness testing team, hunt team, CTI team, SOC, and other teams to identify and pursue additional opportunities for improvement
• Collaborate with data integration team to integrate additional findings and finding types into the vulnerability data model

• 10+ years of IT systems engineering or IT security engineering experience
• Bachelor's degree in computer science or cyber security preferred
• Proven experience in secure design and operations of IT systems
• Cloud security testing experience preferred both offensive and defensive
• Web API / web service development or operations experience
• Strong communicator, both verbal and written
• Commitment to advancing skills in the IT risk/security field
• Excellent problem-solving abilities and analytical mindset
• Demonstrated understanding of computer engineering fundamentals including familiarity with common offensive and defensive tactics
• Proven success in challenging operational environments including dealing with change, ambiguity and competing priorities
• Risk management experience a plus
• Web development or reversing or exploitation experience preferred
• Familiarity with IP stack and related protocols a must
• Familiarity with web services, servers and related protocols a must
• Experience in one or more of Linux, Windows, Active Directory, Azure Directory, O365
• Familiarity with one or more of BurpSuite, PostFix, Mulesoft or other API proxies, is a plus
• Familiarity with data integration systems and concepts is a plus
• Incident handling/response, malware analysis, adversarial emulation, and offensive skills are a plus
• OSCP, OSWE or OSCE certifications or equivalent demonstrated skills are a strong plus

• Competitive salary
• Bonus opportunities
• Health insurance
• 401(k) matching
• Flight privileges
• Total Rewards Program
• Volunteer Time Off and Matching Grants Programs

American International Group, Inc. (AIG) is a leading global insurance organization.