Penetration Testing – Red Team Manager

Full Job Description

Who we are

American International Group, Inc. (AIG) is a leading global insurance organization. Building on 100 years of experience, today AIG member companies provide a wide range of property casualty insurance, life insurance, retirement solutions, and other financial services to customers in more than 80 countries and jurisdictions. These diverse offerings include products and services that help businesses and individuals protect their assets, manage risks and provide for retirement security.

The Penetration Testing – Red Team Manager is an integral part of the Information Security Team. He/she will be someone who would:

  • Lead and manage the team responsible for the execution of external and internal network penetration tests, web application penetration tests, as well as PCI penetration tests.
  • Manage and execute adversary and threat simulation engagements (Red Team and Purple Team) using industry frameworks as reference points to establish a strong methodology.
  • Lead conducting manual security assessments on a wide range of IT products with a specific focus on circumventing and exploiting weaknesses in AIG technologies, processes and personnel security controls.
  • Lead Proof-of-Concept penetration testing on proposed technologies for the enterprise
  • Perform thorough scoping and planning before conducting security reviews
  • Clearly document the scope of work, attack scenarios, findings and evidence in the report
  • Keep up to date with application security trends including information security news, application security services, tools, latest breaches, patch updates, etc.

Key responsibilities for this role, include but are not limited to :

  • Oversees regular offensive security assessments to include penetration tests, cloud security, physical security, purple team, wireless, and social engineering
  • Conduct technical assessments and penetration tests on key operating systems, application and networking defenses to identify weaknesses and exploit them to determine impact and severity of vulnerabilities.
  • Contribute in creation of guidance and recommendations to leadership
  • Lead the assessment strategy, approach, and methodology. This includes prioritizing multiple high priority activities
  • Document and report actions on technical assessments and penetration tests. These may include identifying risks, vulnerabilities, and improvement recommendations. Share and present testing results with senior leadership
  • Perform research on emerging threats and cyber security risks. Lead critical information security initiatives (e.g. validation testing, proof-of-concept participation, and process design). Assist in mentoring and coaching of junior staff

What we are looking for:

Ideally the successful candidate will have deep knowledge and the ability to demonstrate hands on experience with the following technologies:

  • Strong understanding of application security weaknesses for various technologies including web applications, databases, and multi-tier applications
  • Strong understanding of Cloud architecture and security controls
  • Experience penetration testing in global environments with various legal and regulatory requirements
  • Strong understanding of security circumvention tools and techniques
  • Knowledge of application security testing tools such as Burp Suite, OWASP ZAP, Appscan, Responder, Metasploit, PowerSploit, etc.
  • Ability to review source code and explain mitigation controls within source code for languages including, JAVA, C, CGI, PHP, HTML, AJAX, etc.
  • Understanding of various application development principles with a focus on Agile software development
  • Ability to review, modify and create scripts for automated testing techniques using languages such as Bash, Python, Go, Powershell, etc…
  • Understanding of how various security capabilities are designed and how they function together in a heterogeneous environment
  • Ability to converse with technical security staff as well as business executives.
  • Up to date knowledge of the security landscape pertaining to new technologies.
  • Ability to positively influence the behavior of peers and build relationships with other teams
  • Self-starter, ability to work independently with minimal supervision and as part of a team
  • CISSP, GIAC GSSP, CEH, OSCP, and/or OSCE are ideal

A look at our benefits

At AIG, we have a 100-year legacy of working to make the world a better place. And that begins with our employees. We’re proud to offer a range of employee benefits and resources that help you protect what matters most – your health care, savings, financial protection, and wellbeing. We provide a variety of leaves for personal, health, family, and military needs. For example, the “Giving Back” program allows you to take up to 16 hours a year to volunteer in your community.

We also believe in fostering our employees’ development and offer a range of learning opportunities for employees to hone their professional skills to position themselves for the next steps of their careers. AIG also has a tuition reimbursement program for eligible employees to enhance their education, skills, and knowledge in areas that relate to their current position or future positions to which they may transfer or progress.

It has been and will continue to be the policy of American International Group, Inc., its subsidiaries and affiliates to be an Equal Opportunity Employer. We provide equal opportunity to all qualified individuals regardless of race, color, religion, age, gender, gender expression, national origin, veteran status, disability or any other legally protected categories.

At AIG, we believe that diversity and inclusion are critical to our future and our mission – creating a foundation for a creative workplace that leads to innovation, growth, and profitability. Through a wide variety of programs and initiatives, we invest in each employee, seeking to ensure that our people are not only respected as individuals, but also truly valued for their unique perspectives.

To learn more please visit:

AIG is committed to working with and providing reasonable accommodations to job applicants and employees with physical or mental disabilities. If you believe you need a reasonable accommodation in order to search for a job opening or to complete any part of the application or hiring process, please send an email to . Reasonable accommodations will be determined on a case-by-case basis.

Functional Area:

IT – Information Technology Estimated Travel Percentage (%): Up to 25% Relocation Provided: No AIG Employee Services, Inc.

More Information

Apply for this job

Leave your thoughts

Share this job