Back to Careers

Security Consultant

Location: 
Richardson
Date Posted: 
11/13/2017
Employment Type: 
Contract
Job ID: 
8270
Description: 

Responsibilities:

• Work with various internal business customers to coordinate, conduct, and tune network and system vulnerability scans prior to deployment and when those systems are modified within pre-production and production environments.

• Differentiate between vulnerabilities that are meaningful to the assessment and those that are not

• Understand development opportunities on how data can be correlated using functionality provided by the tools’ API

• Manage the administration and logistics of network vulnerability assessments including working knowledge of firewalls and problem solving to identify issues when they arise

• Coordinate, manage, and track remediation of identified vulnerabilities with system administrators, system owners, and IT support staff through meaningful metrics.

• Formally document and establish well-defined processes, procedures, remediation and mitigation strategies, and lessons learned from the application of system compensating controls.

• Consult with and provide technical reviews as an enterprise vulnerability management analyst to strategic initiatives and internal programs.

• Support the sustainment and operations of vulnerability assessment infrastructure through refresh initiatives and annual planning; work with vendors of utilized tools to support future enhancement and support of sought after functionality

Qualifications:

• Advanced knowledge of system, firewalls, vulnerabilities and secure software development; Experience conducting vulnerability scans and interpreting results for IT staff and leadership.

• Possess technical knowledge of cross-site scripting, SQL injection, certificate high-jacking, and related attacks; understanding of secure coding practices, systems STIGs and the effects of application hardening; hands-on experience with databases, web servers, and active web content; ability to correlate applications security events to systems to assess overall system risk posture.

• Knowledge of secure development techniques including OWASP Top 10, tools, and methodologies.

• Ability to develop and report enterprise-level metrics for vulnerabilities and remediation progress.

• Ability to understand, demonstrate, and educate stakeholders on the real-world impact of threats to vulnerabilities in a given environment.

• A firm understanding of information assurance, risk management, and IT security topics and the ability to communicate complex, technical concepts to technical and non-technical audiences.

• Excellent social, verbal, and written communication skills, with demonstrated ability to effectively present analytical data and technical concepts to a variety of technical and non-technical audiences

• Self-driven and fully accountable for independent effort performed as part of a geographically dispersed virtual team

• Able to effectively manage multiple customer requests, assessments and meet customer expectations within established service levels.

• Ability and willingness to accept direction, support leadership vision, and to serve as a point of contact directly supporting vulnerability assessments, system owners, and executives.

• Ability and willingness to share on-call responsibilities, work non-standard hours, and travel when required. • Ability to attest to Code of Conduct and related Ethical Monitoring requirements

• Desired Qualifications:

• Practical experience administering and configuring information systems

• Working knowledge of automated vulnerability assessment tools such as Tripwire IP360, Tenable Nessus, Qualys, HP WebInspect and similar tools.

• A deep understanding of remediation and mitigation techniques of system and application vulnerabilities on an enterprise scale