About the Company:
Our client is a rapidly growing financial consulting firm that works with a robust clientele and is strategically positioned to assist through a range of routine and complex business scenarios. They are looking to hire a Security Analyst/Penetration Tester to lead this new division/service offering within Cyber Security.
- Manage and execute security assessments for multiple projects simultaneously and ensure project timelines are met
- Work with client resources on vulnerability management engagements ranging from vulnerability scanning to remediation consulting
- Effectively communicate vulnerability findings and remediation strategy to client stakeholders including client leadership and technical security team resources
- Manage consultants, train staff and external clients as necessary
- 3 – 10 years’ experience in a Cyber Security-focused role
- Expert penetration testing capabilities
- Experience performing automated and manual hands-on vulnerability testing, identifying security risks within target systems and developing key recommendations to remediate identified vulnerabilities
- Thorough understanding of open security testing standards and projects such as OWASP
- Experience with testing tool set solutions, such as Qualys, Tenable, Rapid7, Metasploit, Burp Suite, Kali Linux, etc.
- Knowledge of core cloud service provider (AWS, Azure, GCP) security practices and experience using security testing tools against resources in these cloud environments
- Experience with covert computer network exploitation and red team exercises
- Experience with enterprise secure code analysis solutions such as Veracode, Checkmarx, AppScan Source, etc.
- Core understanding of cryptography and key management concepts
- Experience with key network security components, including firewalls, intrusion detection systems, anti-virus/anti-malware solutions, authentication systems, logging management systems, content filtering, etc.
- Deep understanding of key web application security vulnerabilities, such as Cross-Site Scripting (XSS) and Server-Side Request Forgery (SSRF)