Cyber Vulnerability Analyst & Penetration Tester II - US

Cyber Security San Antonio, Texas


Description

PRIMARY RESPONSIBILITY

  • Responsible for conducting vulnerability assessment scans, assisting with penetration testing, exposing security vulnerabilities and risks, and recommending solutions to mitigate such vulnerabilities.
  • Contributes to building and delivering services, solutions and processes that enable security defects to found, fixed or avoided before applications are released to production.
  • Tracks public and privately released vulnerabilities and assists in the corporate triage process including: identification, criticality evaluation, remediation, planning, communications, and resolution.
  • Conducts vulnerability assessment scans, exposing security vulnerabilities and risks and recommending solutions to mitigate such vulnerabilities.

KNOWLEDGE/SKILLS/ABILITY

  • Practiced experience executing, ethical hacking and penetration testing.
  • Significant knowledge regarding security vulnerabilities, application analysis, and protocol analysis.
  • Strong attention to detail.
  • Strong verbal and written communication skills.
  • Strong analytical and problem solving skills. Knowledge of and practiced experience with penetration testing and ethical hacking products.
  • Knowledge of and ability to manage vulnerability scans against a range of assets.
  • Experience devising methods to automate testing activities and streamline testing processes.
  • Practical experience with Linux and Windows operating systems.
  • Familiarity with common programming or scripting languages.
  • Ability to interpret and prioritize vulnerability scan results into remediation actions and tracking those actions through to completion.
  • Practiced knowledge performing vulnerability assessments against servers, workstations, web applications and other components.
  • Knowledge regarding security vulnerabilities, application analysis and protocol analysis.
  • Knowledge of methods for on-going evaluation of the effectiveness and applicability of information security controls (e.g., vulnerability testing, and assessment tools).
  • Ability to understand information security risks associated with vulnerability and penetration testing.
  • Knowledge of patching programs of major hardware/software manufacturers.
  • Knowledge of secure configuration and hardening of systems.
  • Ability to analyze vulnerabilities in order to appropriately characterize threats and provide remediation advice.
  • Familiarity with classes of vulnerabilities, appropriate remediation, and industry-standard classification schemes (CVE, CVSS, CPE).

JOB COMPLEXITY

  • Provides significant contributions to black box testing, source code analysis, manual pen testing, and training.
  • Schedules and executes vulnerability/ penetration testing.
  • Leads limited (in scope or complexity) engagements and provides end-to-end planning and execution for those engagements.
  • Reports out on vulnerability and penetration testing and works with business units to develop remediation plans.
  • Works closely with the Risk Management, ISOC and Intel teams. Keeps up with the changing nature of security threats.
  • Assesses the risk from not only a tactical perspective but also a strategic/global scale and apply these findings to aid in prioritizing remediation efforts.
  • Interacts with business units to discover, triage and resolve security vulnerabilities with manual and automated tools to enforce security criteria as part of a Secure Development Life Cycle on a continuous basis.
  • Researches and investigates new and emerging vulnerabilities and participate in external security communities.

SUPERVISION: General instruction on routine tasks, detailed instruction on new assignments.

MINIMUM QUALIFICATIONS

  • Bachelor’s degree in Computer Science or related field required. At the manager’s discretion, additional relevant experience may substitute for the degree requirement.
  • Typically requires 4 years Security Analyst experience with 2-4 years experience performing vulnerability assessments and penetration testing.
  • Experience applying ethical hacker techniques, phishing schemes, emerging logical security threats, and compromised server techniques.
  • Current CEH, GPEN, CISSP, and GCIA certifications preferred.

PHYSICAL DEMANDS: General office environment. May require long periods sitting and viewing a computer monitor. Moderate levels of stress may occur at times. No special physical demands required.  Occasional domestic travel, less than 10%.