GA - Vulnerability Analyst (On - Site)
Vensure Employer Solutions
Location
Duluth, GA | United States
Job description
About Us
Founded in 2004, Vensure Employer Services provides PEO solutions and human resource outsourcing to small and mid-market businesses across the country. Through its subsidiaries, including VensureHR , the company processes more than $19 Billion in payroll and supporting more than 874,770 worksite employees. With services including payroll, medical and voluntary benefits, workers' compensation, risk management and HR administration, Vensure companies support a broad spectrum of industries, allowing small business owners to cost-effectively manage HR functions and turn their attention to growth and profitability initiatives.
Essential Duties and Responsibilities
- Work with different product and IT infrastructure teams to comprehend the business and develop the knowledge required to perform job duties and responsibilities.
- Document and formally report testing initiatives, along with remediation recommendations and validation.
- Conduct tactical assessments that require expertise in social engineering, application security (web and mobile), physical methods, lateral movement, threat analysis, internal and external network architecture, and a wide array of commercial and bring-your-own (BYO) products.
- Conduct discovery and vulnerability assessment of enterprise-wide assets.
- Manage vulnerabilities across applications, endpoints, databases, networking devices, and mobile, cloud and third-party assets.
- Develop and maintain tools and scripts used in penetration-testing, vulnerability management, and red team processes.
- Communicate vulnerability results in a manner understood by technical and non-technical business units based on risk tolerance and threat to the business, and gain support through influential messaging.
- Work closely with the security operations center (SOC) to leverage intelligence sources, identify new threats in the wild and verify the organization's security posture against them.
- Liaise with the security engineering team to improve tool usage and workflow, as well as with the advanced threats and assessment team to mature monitoring and response capabilities.
- Regularly research and learn new TTPs using a variety of sources, and work with teammates to assess risk and implement and validate controls as necessary.
- Arrange and provide support to business units launching new technology applications and services to verify that new products/offerings are not at risk of compromise or information leakage.
- Occasionally attend and participate in change management policy discussions and meetings.
- Understand breach and attack simulation solutions and work with the team to validate controls effectiveness.
- Maintain and track third-party assets, their vulnerability state, remediation recommendations, overall security posture and potential threat to the business.
- Perform other duties as assigned.
Knowledge, Skills, and Abilities
- At least 5-7+ years' experience in information security administration, offensive tactics, monitoring and IR.
- Proficient in scripting languages such as Python, PowerShell , Bash and Ruby.
- Competent with testing frameworks and tools such as Burp Suite, Metasploit, Cobalt Strike, Kali Linux, Nessus, PowerShell Empire and AutoSploit.
- Experience conducting penetration-testing/red team engagements as a consultant or within a previous role in a professional organization.
- Strong operating system knowledge across *nix, Windows, and Mac; proficient with networking protocols.
- Familiarity with defensive and monitoring technologies such intrusion prevention/detection systems (IPS/IDS), security information and event management systems (SIEMs), firewalls, endpoint protection (EPP) and endpoint detection/response (EDR) tools, as well as user and entity behavior analytics (UEBA).
- Understanding of OWASP, the MITRE Telecommunication&CK framework and the software development lifecycle (SDLC).
Education & Experience
- Bachelor's degree in computer science (preferred), information assurance, MIS or related field, or equivalent.
- 5-8 years of related experience required.
- Proven trustworthiness and history of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating well.
- Self-starter requiring minimal supervision.
- Excellence in communicating business risk and remediation requirements from assessments.
- Analytical and problem-solving mindset.
- Highly organized and efficient.
- About certifications, preferably, one or more of the following: OSCP, OSCE, GPEN, GWAPT, CISSP.
Job tags
Salary