Enterprise Technology is a global organization within Transamerica. We provide dedicated application support to Transamerica, and we bring all of Aegon's business units together through the use of technology. We provide the backbone - the infrastructure - for how everything works. We’re creating the company’s AI environment, building a flexible ‘cloud experience’ for internal hosting services, designing frameworks for data governance and management, and ensuring the security and stability of the company’s technology. In short, we enable the business units to move more quickly and deliver to our clients in the best possible way. Whether customers are interested in insurance products or annuities or financial services, we're here to ensure they don't have to worry whether their information is safe. The people we employ are incredibly diverse, both in terms of backgrounds and skill sets. There are over 1000 of us representing a dozen or so nationalities and located in the UK, the US, the Netherlands, Hungary, Spain, and Hong Kong. Our global teams are comprised of experts in areas such as application development, information security, infrastructure services, data & analytics, risk & controls, procurement, program management, and architecture. With the breadth of functions within Enterprise Technology, individuals can pursue a wide variety of careers, and we have a focus on supporting employees’ development. The most important quality in the people who join us is curiosity. A lot of what we do is problem solving, requiring colleagues to take what they know and apply it to new situations. We have many mature processes, but we’re always looking for opportunities to improve, so we want people who are naturally inquisitive and confident enough to challenge the way we do things. Technology is constantly, rapidly changing – we need you to help us continue to change with it.

This dynamic role requires broad understanding of red team operations and penetration testing principles to support Aegon’s Security program.

As a part of the Red Team within the global SOC, you will be a part of the Security Operations team responsible for unannounced red team operations and managing penetration tests. The Red Team conducts advanced adversary emulation operations to challenge assumptions and emulate cyber and criminal threat actors targeting or attacking the business.

As a Red Team member, you will participate in the design and execution of campaign-based security operations for Aegon, spanning a varying array of targets. Successful team members must be capable of evaluating environments, applications, systems or processes to discover weaknesses, and subsequently leverage those discoveries into actionable real-world attack strategies.

To succeed in this role the candidate will possess breadth and depth of knowledge in security of operating systems, networking and protocols, firewalls, databases and middleware applications, forensics, scripting and programming. Red team members are expected to continuously improve their tradecraft through research, to add breadth and depth to their knowledge.

What You Will Do:

  • Find new and creative ways to break technology through either Red Team or Purple Team operations
  • Plan, scope, and implement large scale covert operations that have sophisticated goals and significant impact
  • Develop new adversary tools, techniques, or methodologies
  • Threat Hunting opportunities to partner with the teams Threat Hunters, using our special adversarial talents to discover and eradicate threats
  • Engagement in all phases of Red Team security operations
  • Work within the Red Team to perform physical exploitation, network exploitation and social engineering assessments against authorized targets
  • Perform network reconnaissance and open-source intelligence gathering
  • Configure and safely utilize attack tools, tactics, and procedures against authorized targets
  • Develop scripts, tools, or methodologies to enhance red teaming capabilities
  • Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel
  • Provide risk-appropriate and pragmatic recommendations to correct identified flaws, vulnerabilities and misconfigurations

Qualifications

  •  Do No Harm approach: operational objectives cannot come at the expense of others
  • Growth Mindset. Excited for opportunities to solve new problems every day
  • Helpful demeanor. We are trusted adversaries and trust needs to remain strong
  • Customization of Adversarial Tools: Cobalt Strike BOFs, Mythic Agent profiles, and adding new exploits to MSF are examples
  • Defender experience and knowledge. Utilizing Splunk and finding risks
  • Web application penetration testing assessments
  • Email, phone, or physical social-engineering assessments
  • Developing, extending, or modifying exploits, shell code or exploit tools
  • Network penetration testing and manipulation of network infrastructure
  • Relevant, recent and verifiable experience in information security and adversary simulation
  • Detailed knowledge of global cyber threats, threat actors, and the tactics, techniques and procedures used by cyber adversaries, specifically those targeting the financial services sector
  • Experience with Red, Blue, or Purple teaming exercises
  • Industry certifications such as OSCP, OSCE, OSWE, GPEN, GCIH, GWAPT, or GXPN
  • 3 or more years of Penetration Testing/Red Team experience
  • Ability to define and communicate complex technical risk problems, concepts and situations to multiple skill levels, including business personnel with little to no cyber experience
  • Proficiency with Microsoft Office, Preference given to candidates with deep Excel and PowerPoint skill sets
  • Experience with systems such as Service Now, JIRA, and equivalent
  • Ability to fluently read, write and speak English
  • Experience with leading group discussion and presenting to varying levels and audiences
  • Self-motivated and self-management skills

Preferred

  • Strong knowledge of Penetration Testing and covert Red Team operations and Information Security demonstrated by one or more of the following:
  • Bachelor degree in Information/Cyber Security, Information Risk, Information Risk Management or equivalent experience
  • Bachelor degree in Information Systems, Computer Science, Information Management or similar four-year technical degree or equivalent experience, combined with one or more of the following:
  • Active Cyber Security certifications
  • Experience in Insurance, Payments, Banking or other Fin-Tech Industries
  • Strong preference for candidate with excellent Excel and PowerPoint skills

Working Conditions

  • This is a hybrid position requiring three days in office per week in one of our core locations (Cedar Rapids, IA and Denver, CO)
  • Minimal travel may be required for training or team meetings.
  • May require work outside of normal office hours due to global support and meetings.

Compensation:

The Salary for this position generally ranges between $100,000-$140,000 annually. Please note that the salary range is a good faith estimate for this position and actual starting pay is determined by several factors including qualifications, experience, geography, work location designation (in-office, hybrid, remote) and operational needs. Salary may vary above and below the stated amounts, as permitted by applicable law.

Additionally, this position is typically eligible for an Annual Bonus based on the Company Bonus Plan/Individual Performance and is at the Company’s discretion.

Applicants must be authorized to work for any employer in the U.S. We are unable to sponsor or take over sponsorship of an employment Visa at this time.

This is a hybrid position requiring three days in office per week in our Denver or Cedar Rapids hub location. Relocation assistance will not be provided for this position.


This job description is not a contract of employment nor for any specific job responsibilities. The Company may change, add to, remove, or revoke the terms of this job description at its discretion. Managers may assign other duties and responsibilities as needed. In the event an employee or applicant requests or requires an accommodation to perform job functions, the applicable HR Business Partner should be contacted to evaluate the accommodation request.