Apply now »

Senior Offensive Security Specialist

Location: 

Houston, TX, US, 77010

Req ID:  75590
Facility:  One Houston Center-130
Department:  Offensive Security
Division:  Global Business Services

LyondellBasell (NYSE: LYB) is one of the largest plastics, chemicals and refining companies in the world. Driven by its employees around the globe, LyondellBasell produces materials and products that are key to advancing solutions to modern challenges like enhancing food safety through lightweight and flexible packaging, protecting the purity of water supplies through stronger and more versatile pipes, improving the safety, comfort and fuel efficiency of many of the cars and trucks on the road, and ensuring the safe and effective functionality in electronics and appliances. LyondellBasell sells products into more than 100 countries and is the world's largest producer of polypropylene compounds and the largest licensor of polyolefin technologies. In 2021, LyondellBasell was named to Fortune Magazine's list of the "World's Most Admired Companies" for the fourth consecutive year.

Basic Function

This senior role will deliver offensive security testing across LyondellBasell, covering applications, infrastructure, cloud and OT systems. To continually maintain and improve the skills, tools, processes and approaches of the Offensive Security team. 


This role will define and execute automated and manual vulnerability assessments, identify and report vulnerabilities to prepare networked defenses and staff for the highly sophisticated targeted attacks our organization will face. 


The role will work closely with the Incident Response team, Threat Intelligence team, as well as the application developers/owners to ensure the security and reliability of critical IT and OT systems. 


Travel: 10%

Roles & Responsibilities

  • Identify and mimic the tactics, techniques and procedures of threat actors or threat groups, and the campaigns they execute against similar organizations or industries
  • Lead the execution of Penetration Tests, Application Security Assessments, Red and Purple teaming activities.
  • Coordinate with third parties the execution of External Penetration tests or similar activities
  • Mentor mid-level and junior specialists on the team
  • Deliver key findings and improvement suggestions to determine if systems and infrastructure are properly tooled and resourced to defend against sophisticated attackers
  • Foster security awareness culture, mentor team members, perform presentations and demonstrate hacking techniques.
  • Publish relevant security standards, practices, guidelines and processes
  • Research and integrate tools, processes and techniques to improve vulnerability analysis, forensics capabilities, network and data security, and threat management
  • Effectively communicate findings to stakeholders at all levels across the organization
  • Conduct research, penetration testing, and vulnerability assessments on external-facing resources and internal assets to determine risks
  • Maintain regular focus on latest industry techniques, tools and research; be able to develop and explain technical decisions and separate fact from opinion and speculation
  • Perform testing and validation of security controls
  • Support and run vulnerability management scans of the IT and OT systems (using tools like Tenable Nessus, and OT specific tools)

Min. Qualifications

  • BS or equivalent experience
  • 7+ years’ experience in one or more of the following: red teaming execution and coordination, exploit development, incident response/hunt, cybersecurity research and development, vulnerability management
  • Experience in network security
  • Knowledge of advanced cyber threats, adversary methodologies, and cyber threat intelligence
  • Experience writing code in one or more programming language (Python, C/C++, JavaScript, Java, PowerShell, etc.)
  • Experience with the commonly used attack frameworks (Cobalt Strike, Metasploit, CANVAS, Empire, Core Impact, etc.)
  • Knowledge of ATT&CK and its uses within the cybersecurity community (e.g., Open-Source projects)
  • Must be a strong technical leader in the analysis of information security vulnerabilities
  • Good project management skills and experience acting as a project technical lead
  • Strong written and verbal communication skills

Preferred Qualifications

  • Related certifications such as the OSCP or CEH
  • 5+ years of experience on coordination and execution of Web application, network, and system penetration tests with good understanding of OWASP TOP 25
  • Experience with encryption protocols and algorithms.
  • Experience in incident response (hunt), blue teaming.
  • Ability in ensuring security by design inside of a System Development Life Cycle (SDLC) process.

Competencies

Builds effective teams
Collaborates
Cultivates innovation
Customer focus
Demonstrates courage
Drives results
Ensures accountability
Instills trust and exemplifies integrity

Must be at least 18 years of age and must be legally authorized to work in the United States (US) on a permanent basis without visa sponsorship.

 

LyondellBasell does not accept or retain unsolicited résumés or phone calls and/or respond to them or to any third party representing job seekers.

 

LyondellBasell is an equal opportunity employer.  We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, age, veteran status, and other protected characteristics.  The US EEO is the Law poster is available here.


Nearest Major Market: Houston

Apply now »