What is the general purpose of the position?
This role will support CompliancePoint’s Vulnerability Assessment and Penetration Testing Services under the larger Cybersecurity Services team.
When supporting the Vulnerability and Penetration Testing Services, this position will review the results of CompliancePoint vulnerability scanning and conduct penetration testing activities which lead to the development of client-facing reports. These reports will include a summary of the activities performed, the findings of those activities, and recommendations to mitigate the vulnerabilities and risks to the organization's systems.
As a senior team member, this position will assist with the scoping of testing projects and mentoring and support of junior team members.
- Support Sales with scoping testing projects with prospective and existing customers
- Assist the pen-test team when questions arise
- Assist in the creation of vulnerability scan or penetration testing systems (VM/Raspberry Pi) for off-site access
- Perform penetration tests on computer systems, wired and wireless networks and web and mobile applications
- Create new testing methods to identify vulnerabilities based on CVSS
- Pinpoint methods and entry points which attackers may use to exploit vulnerabilities or weaknesses in networks or web applications
- Perform physical security assessments of systems, servers and other network devices to identify areas that require physical protection
- Search for weaknesses in common software, web applications and proprietary systems
- Research, evaluate, document and discuss findings with IT teams and management
- Document findings and remediations based on risk in customer reports
- Review and provide feedback for information security remediations
- Provide security recommendations to customers to reduce their security risks
- Stay updated on the latest attack methods and security threats
- Additional duties, as needed
Job may require light travel to client sites and interaction with client employees, but most work will be completed remotely.
To be successful in this position, the candidate must have:
- Ten years of relevant IT security experience
- Strong understanding of the NIST, OWASP and CEH attack methodology models
- Knowledge of vulnerability scanning and penetration test methodologies
- Experience with security testing of web applications
- Skills in the Bash, Java, Perl and Python coding languages
- Strong TCP/IP and network skills
- Low-level skills in security testing of Windows, Mac, Unix, and Linux operating systems
- Experience investigating security threats within corporate, datacenter and cloud environments
- Comprehensive knowledge of computer security, including forensics, systems analysis and more
- Knowledgeable in common cyber threat attack methodologies
- Continuously obtaining insights into how hackers exploit the human element to gain unauthorized access to secure systems
- Exceptional problem-solving skills
- Documentation and report-writing skills
- Communication skills to document and share your findings
- Certified Ethical Hacker (CEH), Global Information Assurance Certified Penetration Tester (GPEN), Offensive Security Certified Professional (OSCP) or equivalent certification(s) strongly preferred
We offer a salary plus benefits package, including paid vacation and holidays, medical / dental / vision / supplemental insurance, Flexible Spending Account, gym membership package, travel reimbursement and a 401K plan with matching. Our business casual office is located in Duluth, GA.
A Different Kind of Consulting & Audit Company
The difference is simple — we understand the importance of compliance and risk mitigation at a procedural level. That comes from our history of successful consulting and audit engagements, including those for many Fortune 500 firms and global industry leaders.
But more importantly, we understand the impact non-compliance and risk exposure can have on businesses.
We collaborate with companies to design and implement strategies, processes, and procedures that help mitigate risk, reach compliance goals, protect data assets, and meet industry standards.
“Enable responsible customer interaction”
“Deliver world class services and technology helping customers manage risk within privacy, information security, and their vendor network”
To apply for this position please send an email with a copy of your resume to firstname.lastname@example.org