Duties and Responsibilities:
Performs network and application technical vulnerability assessments using vulnerability assessment tools.
Performs penetration testing activities to detect vulnerabilities and attack chains.
Utilizes penetration testing skills to conduct analyses to gather deeper situational awareness and provide greater security insight of the environment.
Lead the Security Awareness efforts, including facilitating presentations on topics of relevance, evaluating and implementing awareness training
Assist in network security efforts including Data Loss Prevention, Intrusion Prevention and SIEM analysis
Test security measures including OS patches, system hardening, and application configuration
Monitor, review and troubleshoot alerts
Review, interpret and adapt customer, regulatory and corporate security and compliance requirements into technical design options
Apply knowledge of technical, analytical skills to ensure the confidentiality, integrity, and availability of all information systems assets and ensure compliance with company policies, procedures, contractual, and regulatory requirements.
Produce security policies, standards, and guidelines
Perform security research
Produce security risk advisories based on newly identified threats and risk assessment
Assist in performing IT audit, third party evaluations, and risk assessment activities
3+ years work experience in Information Security in an enterprise network
Bachelors degree in Information Technology, Computer Science or a related discipline, or equivalent work experience
A recognized information security certification or accreditation such as Security+, CISSP, or CEH is a plus.
Knowledge, Skills and Abilities:
Fundamental understanding of penetration testing techniques and technologies
Fundamental understanding of application development security concepts such as OWASP Top 10 Vulnerabilities
Fundamental understanding of Active Directory administration and Windows authentication
Fundamental understanding of security technologies such as SIEM, IDS/IPS, Web filters, two factor authentication, web application firewalls
Fundamental understanding of Malware detection, analysis, exploitation, containment, and eradication techniques experience
Experience with systems analysis including, but not limited to: Gathering requirements from stakeholders, Constructing RFP/RFQs, devising and planning proof-of-concepts, defining use and test cases, driving critical security infrastructure projects, creating cogent status reports for senior management, strong technical understanding of vulnerabilities, and how attackers can exploit vulnerabilities to compromise systems.
Excellent verbal, written, and presentation skills; in particular, demonstrated ability to effectively communicate technical and business issues and solutions to multiple organizational levels internally and externally as needed
Knowledge of security frameworks and governance such as NIST, ISO27000 series, HIPAA, GDPR, PCI-DSS
Solid analytical and problem solving skills; ability to think strategically and turn ideas into actions
Familiarity with Project Management concepts.
Familiarity with scripting languages such as Python
Ability to work with little supervision and consistently deliver results