Red Team Analyst-IT Security

Red Team Security Analyst, Cyber Defense CNH Industrial

Through its people and brands, CNH Industrial delivers power, technology and innovation to farmers and builders all around the world. Each of its brands, including Case IH, New Holland Agriculture, Case and New Holland Construction, FPT Industrial, Capital, and Aftermarket Solutions, is a major international force in its specific sector.

The CNH Industrial Cyber Defense Team manages the security threats and vulnerabilities across all aspects of CNHs business. With a state-of-the-art Global Cyber Fusion Center located in Sioux Falls, you will be operating and growing a foundational Cyber Defense capability for enterprise and operational technologies technologies that support plant operations and manufacturing equipment that enable delivery of CNH vehicles, equipment, and products.

We are seeking a bias-towards-action, results-oriented, motivated, and strategic leader who is focused on building processes and technologies that optimize the security posture for our organization.

In this role you will have two sets of responsibilities:

Red Team

Participate in Red Team sprints & adversary emulation exercises utilizing tactics, techniques, and procedures to accomplish defined objectives

Maintain Red Team tooling, capabilities, and procedures

Participate in regular targeted penetration tests of CNH infrastructure collaborating with business partners to understand the target & providing guidance on remediation paths

Report on weaknesses found in technology or processes to key stakeholders & business partners

Blue Team

Provide red team insights in security operations assisting Cyber Defense operations to innovate detections, threat hunting, & incident response capabilities

Execute rapid response and containment tactics on global cyber incidents, assisting senior incident responders with active investigations

Develop and implement automations, workflows, and playbooks to provide enrichments and enhance incident response capabilities

Maintain an up-to-the-minute awareness and detailed understanding of modern and emerging threats & vulnerabilities, especially as they relate the agriculture and manufacturing space

Leverage Red Team expertise to maintain an educational environment where knowledge of offensive tactics & techniques is transferred to the defense group

Requirements and Qualifications:

3+ years of experience in information security, cyber defense, penetration testing, or collaborative red teaming

o Note: A four-year degree from an accredited college or university in a related field (e.g. computer science, cyber security, information systems or technology, or science, engineering, or math disciplines) may substitute for up to two years of required experience.

Relevant technical certification(s) (PJPT, GPEN, CISSP, SEC+, OSCP, etc.) and/or the desire to pursue additional certifications as required

Experience with the MITRE ATT&CK, offensive FOSS tools (Kali, Bloodhound, Metasploit)

Ability to think critically, work in group settings and be proactive in pursuing research and problem-solving with minimal supervision

High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity

Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences