Cyber Vulnerability Analyst & Penetration Tester II - US

Cyber Security San Antonio, Texas


Description

PRIMARY RESPONSIBILITY

  • Responsible for conducting vulnerability assessment scans, assisting with penetration testing, exposing security vulnerabilities and risks, and recommending solutions to mitigate such vulnerabilities.
  • Contributes to building and delivering services, solutions and processes that enable security defects to found, fixed or avoided before applications are released to production.
  • Tracks public and privately released vulnerabilities and assists in the corporate triage process including: identification, criticality evaluation, remediation, planning, communications, and resolution.
  • Conducts vulnerability assessment scans, exposing security vulnerabilities and risks and recommending solutions to mitigate such vulnerabilities.

KNOWLEDGE/SKILLS/ABILITY

  • Practiced experience executing, ethical hacking and penetration testing.
  • Significant knowledge regarding security vulnerabilities, application analysis, and protocol analysis.
  • Strong attention to detail.
  • Strong verbal and written communication skills.
  • Strong analytical and problem solving skills. Knowledge of and practiced experience with penetration testing and ethical hacking products.
  • Knowledge of and ability to manage vulnerability scans against a range of assets.
  • Experience devising methods to automate testing activities and streamline testing processes.
  • Practical experience with Linux and Windows operating systems.
  • Familiarity with common programming or scripting languages.
  • Ability to interpret and prioritize vulnerability scan results into remediation actions and tracking those actions through to completion.
  • Practiced knowledge performing vulnerability assessments against servers, workstations, web applications and other components.
  • Knowledge regarding security vulnerabilities, application analysis and protocol analysis.
  • Knowledge of methods for on-going evaluation of the effectiveness and applicability of information security controls (e.g., vulnerability testing, and assessment tools).
  • Ability to understand information security risks associated with vulnerability and penetration testing.
  • Knowledge of patching programs of major hardware/software manufacturers.
  • Knowledge of secure configuration and hardening of systems.
  • Ability to analyze vulnerabilities in order to appropriately characterize threats and provide remediation advice.
  • Familiarity with classes of vulnerabilities, appropriate remediation, and industry-standard classification schemes (CVE, CVSS, CPE).

JOB COMPLEXITY

  • Provides significant contributions to black box testing, source code analysis, manual pen testing, and training.
  • Schedules and executes vulnerability/ penetration testing.
  • Leads limited (in scope or complexity) engagements and provides end-to-end planning and execution for those engagements.
  • Reports out on vulnerability and penetration testing and works with business units to develop remediation plans.
  • Works closely with the Risk Management, ISOC and Intel teams. Keeps up with the changing nature of security threats.
  • Assesses the risk from not only a tactical perspective but also a strategic/global scale and apply these findings to aid in prioritizing remediation efforts.
  • Interacts with business units to discover, triage and resolve security vulnerabilities with manual and automated tools to enforce security criteria as part of a Secure Development Life Cycle on a continuous basis.
  • Researches and investigates new and emerging vulnerabilities and participate in external security communities.

SUPERVISION: General instruction on routine tasks, detailed instruction on new assignments.

MINIMUM QUALIFICATIONS

  • Bachelor’s degree in Computer Science or related field required. At the manager’s discretion, additional relevant experience may substitute for the degree requirement.
  • Typically requires 4 years Security Analyst experience with 2-4 years experience performing vulnerability assessments and penetration testing.
  • Experience applying ethical hacker techniques, phishing schemes, emerging logical security threats, and compromised server techniques.
  • Current CEH, GPEN, CISSP, and GCIA certifications preferred.

PHYSICAL DEMANDS: General office environment. May require long periods sitting and viewing a computer monitor. Moderate levels of stress may occur at times. No special physical demands required.  Occasional domestic travel, less than 10%.

About Rackspace
We accelerate the value of the cloud during every phase of digital transformation. By managing apps, data, security and multiple clouds, we are the best choice to help customers get to the cloud, innovate with new technologies and maximize their IT investments. We have been honored by Fortune, Forbes, Glassdoor and others as one of the best places to work. Join us on our mission to build the world’s best technology services company.

More on Rackspace
Rackers aren’t all alike. We look different. We think uniquely. We are from many places and our beliefs & backgrounds vary. But, being a Racker — a valued member of a winning team on an inspiring mission – is what connects us all. Rackers are encouraged to bring their whole self to work every day, as we know that unique perspectives fuel innovation and enable us to best serve our customers & communities around the globe. We welcome you to apply today and want you to know that we are committed to offering equal employment opportunity without regard to age, color, disability, gender, gender reassignment or identity or expression, genetic information, marital or civil partner status, pregnancy or maternity status, military or veteran status, nationality, ethnic or national origin, race, religion or belief, sexual orientation, or any legally protected characteristic. If you have a disability or special need that requires accommodation, please let us know.