Cybersecurity Engineer

• Develop test procedures and/or document recommendations for test plan modifications that improve validation of cybersecurity controls. Test procedures may cover a wide range of systems such as but not limited to IP network discovery, password length requirements, password complexity requirements and vulnerability exploitation.
• Understanding of APT TTPs and how to replicate their attack methodology.
• Write penetration testing rules of engagements, test plans, standard operating procedures, and reports.
• Thoroughly document exploit chain/proof of concept scenarios.
• Research and remain up to date with new threats and adversary emulation methodologies.
• Ability to test web applications for common web application security vulnerabilities including input validation vulnerabilities, broken access controls, session management vulnerabilities, cross-site scripting issues, SQL injection and web server configuration issues.
• Hands-on experience with commercial and open-source cyber security tools such as proxies, port scanners, vulnerability scanners, exploit frameworks (ex: BurpSuite Pro, Nmap, Metasploit, Cobalt Strike).
• Develop comprehensive and accurate reports and presentations for both technical and executive audiences.
• Knowledge and understanding of the MITRE ATT&CK Framework.
• Experience developing detailed penetration testing reports that can speak to multiple audience types.
• Penetration testing experience with web applications, operating systems, network protocols, wireless, mobile, databases and middleware.
• Must be willing to travel as needed (10%)

• Verifies if vulnerabilities are actual threats or false positives.
• Creates plans to remediate and track vulnerabilities with system owners.
• Stays abreast of the latest security threat and vulnerabilities.
• Maintains a positive, customer-centric attitude.
• Has strong problem solving and organization skills.
• Builds and maintains excellent relationships with internal customers.
• Is a self-starter and can regularly produce results with minimal supervision.
• Has strong presentation and communication skills

• Bachelor’s degree in technical field (Computer Science, Computer Engineering, Information Systems, Information Systems Security) or equivalent background and experience
• Experience in security engineering, system and network security, authentication, and security protocols, applied cryptography, and application security
• Network and web-related protocol knowledge (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
• Understanding security fundamentals and common vulnerabilities such OWASP Top Ten and CIS Critical Security Controls.
• 8+ years in a cybersecurity vulnerability/penetration tester position.
• Knowledge of OWASP, MITRE ATT&CK, and SANS Critical Controls
• Ability to understand information security risks associated with vulnerability testing, patch management, and secure configuration management.
• Experience with common commercial and open-source penetration tools such as Kali Linux, BurpSuite Pro, Metasploit, password cracking tools.
• The following certifications are strongly preferred.
• Offensive Security Certified Professional (OSCP)
• Certified Penetration Tester (GPEN)
• Web Application Penetration Tester (GWAPT)
• Certified Information Systems Security Professional (CISSP)

Findlay OH Main Bldg

Denver CO, Houston TX, San Antonio TX

00000494

539 S Main St

Full time

Regular