Red Team Sr Security Analyst
Why join Stryker?
We are proud to be named one the World’s Best Workplaces and a Best Workplace for Diversity by Fortune Magazine! Learn more about our award-winning organization by visiting stryker.com
Our total rewards package offering includes bonuses, healthcare, insurance benefits, retirement programs, wellness programs, as well as service and performance awards – not to mention various social and recreational activities, all of which are location specific.
Know someone at Stryker?
Be sure to have them submit you as a referrral prior to applying for this position. Learn more about our employee referral program
Position Summary:
Stryker is one of the world’s leading medical technology companies and, together with our customers, is driven to make healthcare better. We offer innovative products and services in Orthopedics, Medical and Surgical, and Neurotechnology and Spine that help improve patient and hospital outcomes. We are proud to be named one of the World’s Best Workplaces and a Best Workplace for Diversity by Fortune Magazine. Learn more about our award-winning organization by visiting stryker.com.
A Red Team Security Analyst at Stryker is expected to have a strong understanding in multiple domains. Red Team Security Analysts in this role work closely with teams throughout Information Security, as well as provide technical leadership and advice to teams and leaders throughout Stryker. You will be in direct contact with teams in a variety of business verticals, giving you firsthand knowledge about how Stryker is built and how it operates at a deep, technical level. Additionally, you will leverage the knowledge you gain about Stryker to find new ways to break services, processes, and technologies throughout the company.
The Red Team performs real world threat emulation with the continual goals of improving organizational readiness, providing advanced simulation for defensive teams, and assessing current control performance for critical Stryker assets.
Essential duties & responsibilities:
- Perform independent research and ongoing study to continuously develop and upskill technical knowledge and capabilities
- Perform Vulnerability Assessments and manual validation of vulnerabilities, as required
- Conduct all phases of Penetration Tests and Red Team engagements throughout Stryker independently, or as part of a team
- Create detailed Operations engagement plans and conduct associated research and scoping
- Maintain accurate logs of engagements, and step-by-step documentation of testing efforts
- Develop accurate, comprehensive reports and debriefs for both executive and technical audiences
- Present findings and recommendations to a group stakeholders, when required
- Simulate adversary Tactics, Techniques, and Procedures (TTPs) by leveraging frameworks such as MITRE ATT&CK, Cyber Kill Chain, and other sources of information
- Become familiar with all required team processes and procedures
- Develop solutions to complex problems, and make moderate to significant improvements to processes and systems to enhance operational efficiency
- Configure payloads, scripts, and tools to fulfill needs of the team
- Communicate and collaborate effectively with partner teams, service owners, Information Security, and senior leadership to influence, prioritize, and drive the resolution of discovered security findings
- Keep current with the latest offensive security TTP’s as correlated with threat intelligence and industry trends
- Participate in meetings to assist and guide stakeholders in efforts, such as remediation of vulnerabilities
- Work with Blue Team members to help both teams understand and improve detection and response
- Other duties as assigned by manager
Education & special trainings:
- Bachelor’s in Computer Science or related field preferred
- Bachelor’s degree or equivalent professional experience required
- One or more security certifications preferred, see next bullet
- Hands-on certifications, specifically PJPT, eJPT, PNPT, OSCP, CPTS, eCPPT, GPEN, GWAPT, OSWA, or Burp Suite Certified Professional are strongly preferred (other certifications or training completed considered on a case-by-case basis, if based on hands-on skills)
Qualifications & experience:
- Must be able to demonstrate hands-on Penetration testing methodology in a live evaluation
- Minimum two(2) years of professional experience required
- One (1+) or more years work experience in an IT, Cybersecurity, or Software Development field required
- Prefer experience in a Red Teaming or Penetration testing role, including various types (e.g., network, AD, web app, API, cloud, iOT, Wifi, hardware, physical, social engineering, reverse engineering)
- Knowledge and understanding in two or more security domains (e.g., security engineering, system and network security, authentication and security protocols, cryptography, application security, incident response, access control, penetration testing)
- Experience with common Operating Systems (Linux, Windows Server) required, MacOS also preferred
- Strong knowledge of Networking and Active Directory fundamentals
- Prefer experience writing scripts in two or more scripting and development languages like (e.g., Bash, PowerShell, Python, Ruby, C/C++, Java, .NET, JavaScript)
- Prefer experience with cloud service providers and their offerings, especially MS Azure, and its various technologies and services
- Prefer experience with common offensive security tools (e.g., Metasploit, Burp Suite, Wireshark, C2)
- Prefer experience with adversary Tactics, Techniques, and Procedures (TTPs)
- Prefer experience in the application of Cyber Kill Chain and MITRE ATT&CK frameworks
- Prefer experience providing training and mentorship
- Prefer experience working with global and diverse teams
- Demonstrable teamwork skills and resourcefulness
Physical & mental requirements:
- Demonstrated high level of ethical standards
- Demonstrated lifelong learner that has developed skills in a variety of subjects
- Demonstrated ability to self-teach (autodidact) with resources able to gather on own
- Demonstrated tenacity and persistence over time in endeavors
- Demonstrated strong analytical skills, critical thinking capability, and curiosity
- Demonstrated ability to solve complex problems and identify Information Security solutions to challenging business problems
- Demonstrated attention to detail, willingness to follow instructions, and production of high-quality work
- Demonstrated open-mindedness and growth mindset
- Demonstrated aptitude for technical writing and strong reading comprehension
- Demonstrated strong written and verbal communication at all levels
- Strong interpersonal skills
- Excellent skills in managing/organizing tasks and time
About Stryker
Stryker is one of the world’s leading medical technology companies and, together with our customers, is driven to make healthcare better.
The company offers innovative products and services in Medical and Surgical, Neurotechnology, Orthopedics, and Spine that help improve patient and healthcare outcomes. Alongside its customers around the world, Stryker impacts more than 100 million patients annually.
More information is available at stryker.com