-Performs various aspects of vulnerability assessments/penetration tests across a wide variety of platforms and technologies.
This role will also include the execution of targeted testing activities to identify weaknesses and methods in which to exploit them.
Help evolve the knowledge of adversarial TTPs and apply that knowledge when evaluating and testing corporate resources. Adherence to the highest standards of safety, ethics, and -professional conduct are critical requirements of this position.
Support project initiatives to assess vulnerabilities in IT assets (via penetration tests, social engineering, testing policies and procedures, etc.).
Gain exposure to real-world cybersecurity-related threats and how they can impact the company’s business.
-Apply existing IT technical expertise to address cybersecurity-related issues and challenges
Interact with business and IT partners across the entire business environment.
Requirements
-Bachelor’s degree in Cybersecurity, Computer Science, Computer Engineering or related field.
Strong Information Technology and Cyber Security background.
Minimum 12 years of conducting penetration testing on live corporate and production environments.
-Have a broad understanding of various information technology areas used to support and manage the business (i.e. web, networking, database, cloud, telephony, mobile, applications, etc.) and in-depth experience in at least one area of relevant technology.
-The candidate should be analytical and creative with the ability to drive threat identification to closure.
-A strong core understanding of security tests and experience possess strong skills in both computer and networking hardware and software.
-Excellent technical expertise (in both breadth and depth), written communication skills, time management skills, and the ability to communicate effectively with numerous lines of business representatives.
Must be willing to work flexible hours, to include nights and weekends; they must also be able to travel, as required.
Experience conducting full-scope vulnerability assessments and penetration tests, including social engineering, server, and client-side attacks, protocol subversion, physical access restrictions, and web/database application exploitation
-Oil and Gas industry experience.
Experience with open source and commercial penetration testing security tools in an enterprise environment.
Proficiency with Windows, Unix/Linux, and mobile platform operating systems.
-Ability to utilize and gather Intelligence for indicators, information gathering, Operations Security, and Open Source Intelligence.
Knowledge of exploits, threat actors, and attack methods.
-Effective analytical and critical thinking skills - proven problem solving and remediation.
-Demonstrated strong practices in security engineering, network protocols, computer security, and network security.
Effective reporting, communication, and presentation skills.
Teamwork and Collaboration Experience:
Able to build and maintain relationships throughout the enterprise and to effectively engage subject matter experts as needed to ultimately draw upon the best experience base possible.
-Organizational and Customer Focus:
Able to engage and interview stakeholders requesting vulnerability management services to capture key information needed to effectively understand, clearly articulate and document the scope of a vulnerability assessment engagement.
--Excellent verbal and written communication and presentation skills, management of priorities and deliverables, and heavy interaction with numerous lines of business representatives will be required.
Risk Management:
--Comprehension of NIST technical controls and standards, and able to understand and communicate how the standards and controls relate to risk management strategies.
-Able to identify and prioritize discovered vulnerabilities in enterprise business systems, addressing both business risks and technical risks and able to translate those risks into business language so that they can be understood by the stakeholder community.