What is the general purpose of the position?
This role will support CompliancePoint’s Vulnerability Assessment and Penetration Testing Services under the larger Cybersecurity Services team.
When supporting the Vulnerability and Penetration Testing Services, this position will review the results of CompliancePoint vulnerability scanning and conduct penetration testing activities which lead to the development of client-facing reports. These reports will include a summary of the activities performed, the findings of those activities, and recommendations to mitigate the vulnerabilities and risks to the organization's systems.
- Assist in the creation of vulnerability scan or penetration testing systems (VM/Raspberry Pi) for off-site access
- Perform penetration tests on computer systems, networks and applications
- Create new testing methods to identify vulnerabilities
- Pinpoint methods and entry points that attackers may use to exploit vulnerabilities or weaknesses
- Perform physical security assessments of systems, servers and other network devices to identify areas that require physical protection
- Search for weaknesses in common software, web applications and proprietary systems
- Research, evaluate, document and discuss findings with IT teams and management
- Review and provide feedback for information security fixes
- Establish improvements for existing security services, including hardware, software, policies and procedures
- Identify areas where improvement is needed in security education and awareness for users
- Be sensitive to corporate considerations when performing testing (i.e. minimize downtime and loss of employee productivity)
- Stay updated on the latest malware and security threats
- Additional duties, as needed
Job may require light travel to client sites and interaction with client employees, but most work will be completed remotely.
To be successful in this position, the candidate must have:
- Five to ten years of security-relevant IT experience
- A strong understanding of the OSI model
- Knowledge of vulnerability scanning and remediation methodology
- Experience with Windows, Mac, Unix, and Linux operating systems
- Experience investigating security threats within corporate, datacenter and cloud environments
- Comprehensive knowledge of computer security, including forensics, systems analysis and more
- Knowledgeable in common cyber threat terminology and methodologies
- A habit of continuously obtaining insights into how hackers exploit the human element to gain unauthorized access to secure systems
- Exceptional problem-solving skills
- Communication skills to document and share your findings
- Certified Ethical Hacker (CEH), Global Information Assurance Certified Penetration Tester (GPEN), Offensive Security Certified Professional (OSCP) or equivalent certification(s) strongly preferred
We offer a salary plus benefits package, including paid vacation and holidays, medical / dental / vision / supplemental insurance, Flexible Spending Account, gym membership package, travel reimbursement and a 401K plan with matching. Our business casual office is located in Duluth, GA.
A Different Kind of Consulting & Audit Company
The difference is simple — we understand the importance of compliance and risk mitigation at a procedural level. That comes from our history of successful consulting and audit engagements, including those for many Fortune 500 firms and global industry leaders.
But more importantly, we understand the impact non-compliance and risk exposure can have on businesses.
We collaborate with companies to design and implement strategies, processes, and procedures that help mitigate risk, reach compliance goals, protect data assets, and meet industry standards.
“Enable responsible customer interaction”
“Deliver world class services and technology helping customers manage risk within privacy, information security, and their vendor network”
Interested applicants should send a copy of their resume to firstname.lastname@example.org.
CompliancePoint, Inc. is an equal opportunity employer.