Sorry, this listing is no longer accepting applications. Don’t worry, we have more awesome opportunities and internships for you.

Security Engineer (Penetration Tester)

InfoSec Hires

Security Engineer (Penetration Tester)

West Mclean, VA
Full Time
Paid
  • Responsibilities

    Security Engineer (Remote)

    Company background

    Founded in 2015, our client specializes in data breach response, digital forensics, and risk management consulting services to a growing list of clients ranging from small enterprises to Fortune 50 corporations, as well as federal government agencies. Their experts combine deep security knowledge and proprietary technology to rapidly provide effective incident response, attack-readiness and remediation plans for organizations. With offices in McLean, New York, Chicago, Austin, and Los Angeles and significant year over year revenue growth, they are firmly entrenched and well positioned as a leading provider of incident response and risk management services.

     

    Responsibilities for the Security Engineer include:

    • Assist firm Leadership in the development of security standards and best practices for the organization and recommend security enhancements as needed.
    • Able to conduct cyber risk assessments using frameworks or standards like NIST CSF, ISO 27001/2, PCI, or other industry measurement tools.
    • Carry out the firm’s security measures to monitor and protect sensitive data and systems from infiltration and cyber-attacks including response and recovery of a data security breach.
    • Examine and install firewalls, web, database, and other log sources to identify evidence and artifacts of malicious and compromised activity.
    • Conducts periodic scans of networks to find and detect vulnerabilities.
    • Performs penetration testing to highlight or find any weaknesses that might be exploited by a malicious party, using testing tools and techniques such as, Kali, Backtrack, Metasploit.
    • Monitor networks and systems for security breaches or intrusions through a deep understanding of how malicious software works i.e.-malware, trojans, rootkits, etc.
    • Participate in forensic investigations to determine root cause and extent of the breach, in addition to providing reports and findings.
    • Conducts IT application testing, cybersecurity tool and systems analysis, system and network administration, and systems engineering support for the sustainment of information technology systems. (mobile application testing, penetration testing, application, and security testing).
    • Performs application security testing, administration of operating and network systems and test and package client applications for inclusion on the enterprise network.
    • Ability to perform light travel requirements as needed to meet business demands (on average 30%).

       

      Qualifications for the Security Engineer include:

    • 2+ years of professional experience with risk assessment tools, technologies and methods and with Information Assurance, Information Systems/Network Security, Infrastructure Design and Vulnerabilities Assessments
    • Knowledge and experience in conducting cyber risk assessments using industry standards
    • Experience with using, administering, and troubleshooting at least two major flavors of Linux, including Ubuntu and RedHat
    • Experience with scripting and editing existing code and programming using one or more of the following: Perl, Python, ruby, bash, C/C++, C#, or Java (Desired).
    • Experience with security assessment tools, including Nessus, WebInspect, AppDetective, Hailstorm, Metasploit, Burp Suite Pro, Cobalt Strike, and Empire
    • Knowledge of application, database, and Web server design and implementation
    • Knowledge of network vulnerability assessments, Web application security testing, network penetration testing, red teaming, security operations, or 'hunt'
    • Knowledge of open security testing standards and projects, including OWASP & ATT&CK
    • Ability to read and use the results of mobile code, malicious code, and anti-virus software
    • Knowledge of computer forensic tools, technologies and methods
    • Bachelor’s Degree in Information Security, Computer Science, Digital Forensics, Cyber Security or equivalent years of professional experience to meet job requirements and expectations.