SUMMARY:
Cyber Advisors is seeking a cybersecurity professional with solid IT and security knowledge to extend the existing capabilities of the cybersecurity team. The PROJECT ENGINEER – SECURITY role is a senior-level consulting position within the Cyber Advisors Project team. This post-sales position is customer-facing and consists of the delivery of security-related projects, as well as providing consulting for security-specific services such as penetration testing and incident response.
This role requires a strong technical skill set, as well as business acumen and interpersonal skills. Being able to break down highly technical security concepts to non-technical users is critical to client success. Solving difficult problems and identifying risk is a daily function for this role.
The primary job focus for the PROJECT ENGINEER – SECURITY role is to assess, design, and implement a full stack of cybersecurity solutions for clients for enhanced risk mitigation. These services will include projects within the following areas:
- Vulnerability scanning and risk assessment
- Penetration testing of internal/external networks, cloud and web services
- Security assessment of firewall and identity management solutions
- Vulnerability management solution design and deployment
- Remediation design and deployment of security-related solutions
- Incident response for MSSP and external clients
- Physical security review and exploitability testing
- Endpoint security review and recommendations
- Social engineering exercises
- Educational presentations on security subject matter
TECHNICAL SKILLS:
- Experience with vulnerability assessment and vulnerability management toolsets.
- Strong capabilities with current penetration techniques, tools and methodology.
- Experience with social engineering through various strategies and solutions.
- Thorough understanding of identity management including AAA, AD/ADFS, MFA, SSO, RADIUS.
- Direct experience with anti-virus software, intrusion detection/prevention systems, firewalls, VPN, NAC, WAF and content filtering.
- Experience with incident response including design, policies, tools, forensic review and reporting.
- Knowledge of risk assessment tools, technologies, and methods.
- Experience designing secure networks, systems, and application architectures.
- Understanding of endpoint security solutions to include File Integrity Monitoring (FIM) and Data Loss Prevention (DLP).
- Experience planning, researching, and developing cybersecurity policies, standards, and procedures.
- Knowledge of scripting languages such as Python and PowerShell a plus.
- Professional experience in a system administration role supporting multiple platforms and applications.
- Knowledge of compliance requirements, including HIPAA, PCI-DSS, SOX, GDPR, and SOC (Types I and II).
- Ability to communicate network security issues to peers and management.
- Ability to read and use the results of mobile code, malicious code, and anti-virus software.
- Familiarity with the following cybersecurity products and technologies:
  - Kali Linux
  - Nessus/OpenVAS
  - Burp Suite Pro
  - EnCase/Magnet forensic toolsets
  - SIEM tools
  - MFA toolsets
  - Security Onion
  - KnowBe4
QUALIFICATIONS:
- Dedication to customer satisfaction and getting it right the first time.
- Demonstrate ability to explain complex technical concepts to a non-technical audience.
- Strong trouble-shooting skills across a broad and diverse population and environment.
- Demonstrate ability to proactively look for process improvement opportunities, challenge conventional practices, and adopt new methods and best practices. Also focused on continuous self-improvement.
- Demonstrate verbal and written communication skills; ability to communicate with all levels of the organization, clearly and concisely present issues, alternatives, and recommendation(s).
- Strong technical documentation skills, ability to clearly record key information within ticketing and knowledge base systems.
- Appreciation of internal customer business, goals and objectives, strategies, and needs.
- Demonstrate ability to manage and prioritize multiple tasks, aggressive targets and deadlines.
- Demonstrate understanding of priorities and effective work procedures, self-manage work time and prioritize multiple tasks and problems.
EDUCATION AND CERTIFICATIONS:
The successful candidate will hold:
- Bachelor of Science in Information Technology, Computer Science, Cyber Security or an equivalent level of work experience.
- 8+ years of successively more responsible experience as a consulting engineer.
- Security-focused certifications such as:
  - OSCP
  - CEH
  - GSEC/GPEN
  - CISM
  - CISSP
  - CASP
  - CISA
WORKING CONDITIONS AND PHYSICAL EFFORT:
- Being responsive to company/project emergencies and availability after-hours is part of this position. Some out-of-state travel might also be required.
Experience using monitoring tools such as Nagios, Splunk, etc.
Familiarity with hypervisor platforms including Microsoft Hyper-V and VMware ESX.
Experience with the Microsoft Windows 2008-2019 Server platform, Active Directory design and security.
Exposure to eDiscovery with e-mail systems including Exchange 2007-2019, Office 365 and G Suite.
Experience with cloud platforms such as Azure, AWS, Google, etc. is ideal.
Understanding of mobile devices and how they interact with the network is a plus.
Network routing and switching experience is a plus.
Clean background for sensitive security operations.