Listing Description
• Conduct platform or operating system vulnerability scans and assess the exposure of systems to attacks or hacking. Respond to questions regarding exposure, remediation and mitigating controls for potential emergency critical vulnerabilities. Create and generate customized vulnerability and secure configuration baseline reports and dashboards as needed.
• Conduct secure configuration baseline scans, such as those based on Center of Internet Security (CIS) benchmarks, for various technologies. Customize or create source scan files for vulnerability and secure configuration baseline scans.
• Design, plan and implement test strategies to support the core infrastructure in the contingency environment for all critical business applications to ensure business continuity in the event of a major business interruption or disaster.
• Lead projects related to technology refresh/evaluation such as Load Balancing and SSL technology. Research corrective measures (long term solutions) needed for any chronic issues identified that compromise security of particular systems or platforms.
• Participate in developing and testing new methodologies and systems for recovery of the critical core business processes and the enterprise infrastructure.
• Serve as technical lead or project lead in projects involving testing defenses against hacking, denial of service, spam, break-ins, or related attacks. Provide technical guidance to less senior staff or applications developers/systems administrators.
6-8 years of related experience
Experience performing security assessments in a corporate environment and awareness of public or private cloud infrastructure
In-depth experience managing the security vulnerability life-cycle from detection through notification and closure whether through the determination of false positive, risk acceptance, or remediation.
In-depth experience in assessing mitigating controls if timely remediation is not feasible.
In-depth experience in analyzing false positives and validating the effectiveness of patches applied.
Experience conducting vulnerability or compliance scans and analysis against Docker images
Experience utilizing vulnerability management tools in a corporate environment
Experience conducting secure configuration baseline scanning using at least Center of Internet Security (CIS) in a corporate environment
Experience using APIs associated with Tenable.sc (formerly Security Center) and/or Nessus scanning tools.
Experience creating and/or customizing scanning source files for vulnerability and secure configuration baseline scans in Tenable.sc (formerly Security Center) and/or Nessus
Experience in assessing network reachability leveraging tools such as AWS Inspector
Excellent understanding of a diverse range of technologies (such as operating systems, third-party software, middleware, databases, network devices, etc.).
High-level critical thinking and detail analysis needed to perform duties related to projects, compliance, metrics, assurance, vulnerabilities, secure configuration findings or threats.
Good organizational skills with the ability to take the appropriate actions, while also enforcing established security standards.
Ability to clearly and effectively communicate Information Security matters to senior leadership, management, auditors, technical staff, and end users.
Ability to work effectively and organize priorities independently
Decision-making and problem-solving skills including the ability to clearly define and resolve issues
Excellent analytical and problem-solving skills
Strong interpersonal, oral and written communication skills
Exemplary personal and professional integrity
Ability to work in a team environment
Some exposure to scripting and automation
Strong knowledge of Windows as well as UNIX operating systems.
Excellent time management skills.
Listing Details
- Salary: $130000 - $150000
- Citizenship: US Citizen
- Incentives: Bonus
- Education: No Requirements
- Travel: No Travel
- Telework: No Telecommute