Sr. Security Engineer - Fortalice Solutions United States Bookmark Share Print 43 0 1

Listing Description

Job purpose

This position reports to the Director, Offensive Cybersecurity Operations and works as a member of the Offensive Cybersecurity Operations Team to discover security defects incommercial and government clients' systems and networks, define acceptable solutions to fix said defects, and support efforts to develop new cyber capabilities and methodologies. This position requires the engineer to think outside of the box and see problems through the eyes of an adversary with the intent of improving clients’ cybersecurity. 

Company Standard Duties and Responsibilities

● Ensure all work and client deliverables are done with excellence.

● Ensure work and client deliverables are completed promptly and all deadlines are met.

● Treat subordinates, peers, and supervisors with kindness, consideration, and respect.

● Adhere to the Doctrine of Completed Staff work.

● Continuously provide clients and partners with white glove service.

Priority Duties and Responsibilities (OCO/Security Engineering)

● Interface with clients to determine and understand their needs.

● Participate in and lead efforts to develop new cyber capabilities and methodologies, such as vulnerability management systems, firewalls, intrusion detection systems, or log management infrastructure.

● Perform a full range of penetration tests, including network, system, web application, social and IoT devices.

● Review and critique system and network security solutions, applying your knowledge and experience to evaluate compliance with operational and mission requirements, such as scalability, maintainability, security, reliability, flexibility, availability, and manageability.

● Develop detailed reports on findings and remediations.

● Lead security engineering (blue team) activities and engagements to include incident response.

● Communicate security defects and risks to clients, ensuring they have a thorough

understanding.

● Provide for root cause analysis and incident management investigation.

● Deliver solutions and services to customers by emulating modern attacker tools, techniques and procedures (TTPs) to evaluate clients’ abilities to detect and appropriately respond to penetration testing (red/blue/purple) engagements.

● Lead and execute external/internal vulnerability assessments.

● Identify web application vulnerabilities.

● Lead and execute numerous IT general control audits.

● Provide recommendations to effectively remediate discovered vulnerabilities.

Other Key Duties and Responsibilities

● Communicate security risk to ISOs to document security issues and controls for security

planning purposes.

● Provide input and subject matter expertise for proposals.

● Perform various social engineering assessments, including spear phishing email attacks.

● Work with the development team responsible for Security APIs in individual lines of

business to help create the APIs roadmap based on dynamic testing.

● Actively engage in business development activities and opportunities.

● Keep abreast of the current cybersecurity trends and competitive landscape.

● Recommend new procedures and policies on an as-needed basis.

● Provide ad hoc penetration testing for defects/issues identified as needed.

● Develop and review malicious use cases/threat models.

● Maintain a broad understanding of security technologies and products.

Qualifications

Education Requirements

o A master’s degree in cybersecurity or a related field and five (5) years of relevant experience OR a bachelor’s degree in cybersecurity or a related field and seven

(7) years of relevant experience OR a high school diploma and ten (10) years of relevant experience.

o One or more security certifications are required: GWAPT, OSCP, OSCE, OSWE, OSEE, CSSLP, GWEB, GPEN, GMOB, eWPT, eWPTX, eCPPT, eMAPT.

● Minimum of five (5) to seven (7) years of

o Information Security Engineer/Consultant experience with application penetration testing

o Demonstrated experience with automated penetration tools.

o Demonstrated experience with manual penetration testing tools.

Skills and Qualifications

o Advanced level of experience with

▪ System vulnerability detection and mitigation.

▪ Creating and communicating reports regarding web application vulnerabilities to various levels of personnel.

▪ Security tools such as Metasploit, Burp Suite, Kali Linux, AppScan, Fortify, Inspect, etc.

▪ Experience with different development language frameworks (.NET, C, Java, CC++, PHP, etc.).

▪ Experience in the following areas: Threat Modeling, Security Architecture, Social Engineering, Physical Security, Application Development.

o Ability to complete complex tasks with minimum supervision.

o Demonstrated detail-oriented self-starter with the ability to work independently with limited supervision or direction in collaborative team environments.

o Strong ability to multi-task and manage varying priorities and projects.

o Excellent written and oral communication skills (both internal and client-facing).

o Previous consulting experience required.