Assurance Analyst Lead (Remote or Onsite)

About The Position

Requirements

• Minimum 5 years of work experience in penetration testing & application security testing
• Strong understanding of Linux and Windows administration
• Experience in performing security assessments using common offensive security tools such as: Metasploit, NetExec, Impacket, Nmap, Burpsuite, Pretender, etc.
• Knowledge of command-and-control technologies and overlay networking
• Experience in crafting spear-phishing playbooks and initial access packages
• Proficiency in PowerShell, Perl, Ruby, Python, Go, Rust, Java, or other language(s) to create penetration testing solutions
• Foundational knowledge of, and experience with, administering enterprise-level Information Technology systems including networks, virtualization, cloud, operating systems, Active Directory, etc.
• Experience with Attack Surface Management tools and processes
• Ability to work both independently and as part of a small, distributed team
• Experience in Breach/Attack simulations and tabletop exercises
• Flexibility to work outside regularly scheduled/normal business hours as required
• Commitment to security training and earning corresponding certifications
• Highly motivated and self-directed
• Excellent verbal and written communication skills
• Passion for solving complex problems and a drive for continuous learning
• Ability to prioritize, schedule and track to deadlines
• Degree in a related field or at least 5 years relevant professional experience
• US Person as defined under EAR PART 772 AND ITAR 120.15

Nice To Haves

• Technical professional security certification such as OSCP, GPEN, or similar

Responsibilities

• Perform security reviews of enterprise systems, applications, and networks in coordination with local technology and security teams to ensure effective application of security controls
• Evaluate systems and security processes to identify vulnerabilities, misconfigurations, and exploitation vectors
• Participate in and support vulnerability management processes
• Manage projects, holding teams and team members accountable
• Conduct production-safe exploitation of suspected software and hardware vulnerabilities to demonstrate business impact
• Perform periodic network traffic analysis
• Plan and develop penetration test methodologies, automations, and schedules
• Create reports and remediation recommendations based on findings
• Present findings and risks to both technical and non-technical audiences
• Provide business and data intelligence to support threat analysis
• Consume and triage cyber threat intelligence to provide current industry-related risk context
• Collaborate with business and technology managers to improve data protection processes and procedures
• Engage with vendors and third parties in security testing development and execution
• Manage and review attack surface, assigning and delegating remediation actions to the Business
• Participate effectively in data governance and risk compliance planning
• Raise incidents involving potential data loss or threats to data
• Report and provide metrics to support program objectives

Benefits

• comprehensive health
• wellness incentives
• assistance with retirement savings
• paid time off
• paid holidays
• tuition reimbursement
• performance-based bonus programs for certain positions