The Senior Engineer role for Cybersecurity Vulnerability and Threat Management actively protects the availability, confidentiality, and integrity of customer, employee, and business information. This is accomplished through performing three major functions: 1) Penetration Testing, 2) System/Network Vulnerability Scanning, and 3) Application Vulnerability Scanning. The role will, within these functions, identify key vulnerable areas, report on these vulnerabilities, and provide recommendations around remediation. These functions will contribute to measuring overall risk. This position will interact with all levels of technical and business personnel to provide security analysis and recommendations while remaining sensitive to business requirements.
- Daily operations of company vulnerability scanning tools and supporting infrastructure.
- Support the technical analysis and recommendations for remediation of OS and Network
- Support regulatory and productivity reporting using detailed data gathering and analysis
- Conduct formal penetration tests for PCI compliance on systems, networks and applications to identify weaknesses and/or vulnerabilities using approved standard methodologies.
- Create written reports, detailing assessment findings and recommendations
- Understand and operate application security vulnerability scanning tools and report on findings
- B.A. or B.S. from a four-year accredited university
- Five years of related industry experience
- Solid understanding of security controls assessment techniques and computer networking
- Familiar with penetration testing tools such as Metasploit, Nikto, Proxy Scanners
- Practical experience with Linux and Windows operating systems
- Understands the fundamentals of web applications including authentication, session management, requests, form submittal, etc.
- Understanding and ability to exploit Cross Site Scripting, SQL injection, and other common vulnerabilities
- Experience in exploit development is a plus
- Knowledge of Systems Development Life Cycle (SDLC)
- Understanding of secure coding practices
- Track and report on Key Performance Indicators (KPIs) for website and application operations
- Familiarity with common programming or scripting languages, e.g. bash, PHP, Perl, etc.