At U.S. Bank, we’re on a journey to do our best. Helping the customers and businesses we serve to make better and smarter financial decisions and enabling the communities we support to grow and succeed.

We believe it takes all of us to bring our shared ambition to life, and each person is unique in their potential. A career with U.

S. Bank gives you a wide, ever-growing range of opportunities to discover what makes you thrive at every stage of your career.

Try new things, learn new skills and discover what you excel at all from Day One.

Job Description

Performs the daily operation and execution of offensive security-related tools, processes and controls related to offensive cyber initiatives.

Performs a variety of ethical hacking activities against the technical security controls and systems. Helps coordinate and deliver remediation items of identified risks and control deficiencies.

Looks for ways to optimize security processes and recommend opportunities and solutions for improvement and automation. Serves as technical and function subject matter expert across multiple security domain areas, raising awareness and communicating security risks within the company.

Supports and participates in technical investigations and training opportunities as needed.

Responsibilities

• Conduct Threat Emulation
• Conduct innovative research in cyber security
• Conduct active offensive and / or adversarial operations
• Conduct physical security assessments
• Develop custom tooling in support of Red Team operations
• Develop in-depth findings reports
• Document the impact and severity of attack chains to be presented to the lines of business
• Act as a subject matter expert to convey technical details on attacks to the blue teams

Basic Qualifications

• Bachelor's degree or equivalent work experience
• At least seven years of experience with processes, tools, techniques and practices for assuring adherence to standards associated with accessing, altering and protecting organizational data

Preferred Skills / Experience

• Previous Red Team experience or expertise in Red Team operations / assessments
• Possesses certifications in one or more of the following Global Information Assurance Certification (GIAC), Offensive Security Certified Professional (OSCP), Offensive Security Wireless Professional (OSWP), Offensive Security Certified Expert (OSCE), Offensive Security Exploitation Expert (OSEE), Offensive Security Web Expert (OSWE), or ZeroPointSecurity (CRTO)
• Experience in writing proof-of-concept exploits and creating custom payloads and modules for common (post)exploitation frameworks and tools
• Well versed with security tools & C2 frameworks such as Cobalt Strike, Metasploit, Mythic, Sliver etc.
• Proficiency in defeating endpoint security and controls (A / V, EDR, XDR, etc.) in support of Red Team operations.
• Proficiency in one or more coding / scripting language. (E.g., Perl, Python, PowerShell, Shell Scripting, C / C# / C , golang, etc.)
• Knowledge and experience with web-based application attacks
• Experience utilizing and maintaining infrastructure as code
• Previous experience performing purple-team activities
• Working knowledge of IT environment including service-oriented and IT architecture, industry trends and direction, system and technology integration, and IT standards, procedures and policies, and emerging technologies
• Extensive knowledge of technical troubleshooting
• Working knowledge of IT systems management including change control, software process improvement, and technical writing / documentation
• Working knowledge of information security architecture, security technologies, administration, audits, and network and internet security
• Working proficiency of various offensive security tools
• Ability to work cooperatively and professionally with co-workers, customers, and management
• Strong verbal and written communication skills
• Significant experience identifying security vulnerabilities for the company's networks, application systems, hardware infrastructure and emerging technologies to improve the enterprise information security posture
• Ability to present complex material in a digestible, consumable manner to all levels of management
• Strong ability to create proof of concepts from discovered potential vulnerabilities
• Ability to manage complex security scenarios and develop innovative solutions to address the most recent cyber threats

If there’s anything we can do to accommodate a disability during any portion of the application or hiring process, please refer to our disability accommodations for applicants .

Benefits :

Our approach to benefits and total rewards considers our team members’ whole selves and what may be needed to thrive in and outside work.

That's why our benefits are designed to help you and your family boost your health, protect your financial security and give you peace of mind.

Our benefits include the following (some may vary based on role, location or hours) :

Healthcare (medical, dental, vision)

Basic term and optional term life insurance

Short-term and long-term disability

Pregnancy disability and parental leave

401(k) and employer-funded retirement plan

Paid vacation (from two to five weeks depending on salary grade and tenure)

Up to 11 paid holiday opportunities

Adoption assistance

Sick and Safe Leave accruals of one hour for every 30 worked, up to 80 hours per calendar year unless otherwise provided by law