Position is responsible for the following:
- Compliance and vulnerability assessments.
- Develop standards and methodologies within the Cyber Security Division.
- Discover, categorize, and analyze vulnerabilities, recommend/develop remediation/mitigation strategies, and escalate security events to the appropriate support team.
Other duties include but are not limited to: Policy writing, presentations, security framework and strategy development, technical writing, participating in briefings with clients, as well as, mentoring peer engineers, and special projects as assigned by the Security Consulting Team Lead.
- Two years minimum experience required with host platform vulnerability assessment and hardening standards and methodologies.
- Experience with National Institute of Standards and Technology (NIST) guidelines.
- Preferable experience with compliance regulations, such as HIPAA and PCI.
- Candidate must have a working knowledge of host/network common vulnerabilities and exploits (CVEs, IAVAs, etc.), hacker methodologies and tactics, and the tools used.
- Candidate should have strong written and oral communication skills.
- Candidate should be a team player with demonstrated ability to work without guidance.
- Candidate should have a working Knowledge of and experience in the use of tools such as Nessus and NMap and the use and function of other commonly used security tools.
- Candidate should have a working Knowledge of the TCP/IP protocol suite, TCP/IP headers and packets, the OSI model, and commonly used TCP/UDP ports and associated services.
- Candidate should have a working knowledge of network engineering and local and wide area (LAN/WAN) technologies and topologies.
- Candidate should have a working knowledge of routing protocols, switching, firewall configuration, and security best practices, etc.
- Candidate should have a working knowledge of common OS and domain structures (Red Hat Linux, Oracle/Sun, Windows, Active Directory, etc.), servers, services, and associated vulnerabilities.
- Candidate should have experience with Windows, Linux, Red Hat, etc. hosts, operating systems and applications.
- Desired Certifications: CISSP, CCNA, CISA, CISM, CEH
- Current, hands-on experience doing a combination of penetration testing, vulnerability assessments, risk assessments, compliance assessments
- Education: Bachelor’s Degree or Equivalent
- Experience: 5-10 years’
- Approximately 15% travel