Go Enterprise, contact us anytime: email, phone, or chat

  • Cyber Security Engineer III

    CME Group

    This role will be responsible for participating in the execution of network penetration testing of internal and internet facing information systems infrastructure. In addition, the role will require participation in red team activities to identify misconfigurations and cyber security vulnerabilities that could be exploited by an internal or external actor to gain unauthorized access to computer systems and data.

Description

Description
This is a perfect opportunity for the right person to become a key part of a team of cybersecurity professionals who execute a pivotal role in protecting and defending the nation’s critical infrastructure. The Cyber Security Engineer III – Threat Simulation will be a vital member of the Cyber Threat Simulation Team. This role will be responsible for participating in the execution of network penetration testing of internal and internet facing information systems infrastructure. In addition, the role will require participation in red team activities to identify misconfigurations and cyber security vulnerabilities that could be exploited by an internal or external actor to gain unauthorized access to computer systems and data.

Position Responsibilities

Conduct network penetration testing by utilizing best business practice tools including industry standard network scanning and offensive tool kits.
Perform regular red team exercises, including developing methodology for carrying out simulated adversary attacks to expose and identify vulnerabilities in the people, process, and technology defense system.
Perform cyber security assessments using both penetration testing capability as well as reviewing cyber security policies and procedures.
Participate in red team initiatives which involve intelligence driven attack simulations that are designed to verify cyber defense controls and the ability of the cyber defense teams to identify and contain malicious activity.
Participate in findings & observation reporting while using the appropriate rating on the CVSS scale to classify severity and prioritize remediation.
Assist cyber defense teams with critical security incident investigations.
Interface with other information security departments, as well as, other technology departments and business stakeholders to raise awareness of security issues and to provide knowledge sharing on remediation.
Liaise with third party cyber security vendors engaged with CME to conduct objective assessments such as external penetration assessments, internal penetration assessments and indicators of compromise scanning.
Stay up to date on evolving tactics, techniques and procedures utilized by malicious actors that may attack organizations with mature cyber defensive capabilities.
Position Requirements

A minimum of 5 years’ experience with penetration testing and/or red teaming operations.
Must demonstrate knowledge of tactics, techniques, and procedures associated with malicious insider activity, organized crime/fraud groups and both state and non-state sponsored threat actors.
Must have excellent written and oral communication skills.
Must have experience with documenting cyber security assessment reports.
Expert knowledge of CVSS v3.0 rating and can accurately assess vulnerabilities based on the principal characteristics of a vulnerability.
Expert knowledgeable in Windows and Linux System hardening concepts and techniques.
Ability to translate highly technical material/knowledge to non-technical personnel.
Knowledgeable in Industry Security standards (ie: ISO27002, NIST Cyber Security Framework, etc..).
Mandatory Certifications: OSCP
Preferred Certifications: OSCE, GPEN, GXPN, CRT
Additional Job Description
Additional Job Description


Responsibilities

  • Conduct network penetration testing by utilizing best business practice tools including industry standard network scanning and offensive tool kits.
  • Perform regular red team exercises, including developing methodology for carrying out simulated adversary attacks to expose and identify vulnerabilities in the people, process, and technology defense system.
  • Perform cyber security assessments using both penetration testing capability as well as reviewing cyber security policies and procedures.
  • Participate in red team initiatives which involve intelligence driven attack simulations that are designed to verify cyber defense controls and the ability of the cyber defense teams to identify and contain malicious activity.
  • Participate in findings & observation reporting while using the appropriate rating on the CVSS scale to classify severity and prioritize remediation.
  • Assist cyber defense teams with critical security incident investigations.
  • Interface with other information security departments, as well as, other technology departments and business stakeholders to raise awareness of security issues and to provide knowledge sharing on remediation.
  • Liaise with third party cyber security vendors engaged with CME to conduct objective assessments such as external penetration assessments, internal penetration assessments and indicators of compromise scanning.
  • Stay up to date on evolving tactics, techniques and procedures utilized by malicious actors that may attack organizations with mature cyber defensive capabilities.

Details

  • Travel No travel
  • Incentives Bonus
  • Clearance & Citizenship U.S. Citizenship
  • Remote Work Remote occasional
  • Education Bachelors Degree
  • Salary Range 110-130K

Join NinjaJobs!

Registered users get the benefit of full listing views, searches, posting options and more!

Company Ratings powered by

  • 3.4

    Overall Rating - OK


  • Culture and Values 3.5
  • Work/Life Balance 3.9
  • Senior Management 3.3
  • Comp and Benefits 3.9
  • Career Opportunities 3.3