Security Operations Engineer/Pen-Testing

*We are unable to sponsor for this permanent Full time role*

*Position is bonus eligible*

Prestigious Enterprise Company is currently seeking a Security Operations Engineer with Vulnerabilities and Pen-testing experience. Candidate

is responsible for assisting with day-to-day tasks that include pen-testing, vulnerability assessments, and incident response. Responsibilities include threat modelling, identifying process gaps, and work closely with internal and external teams to address vulnerabilities based on findings from pen-tests performed. Communication skills are a must for this position. Coordinate operational and support aspects related to all information security related matters across the enterprise, including resource management and problem/situation management coordination. This is not a Full time pen-testing role.

Responsibilities

• Directs and participates in information security projects and supports team efforts for day-to-day operations
• Will act as the primary contact for all pen-testing and web application testing
• Assists in the investigation of security-related events due to malware and/or phishing attacks
• Assists with follow-up on alerts received from user-reported email, SIEM solution, and/or IDS
• Assists with managing and monitoring the EDR solution and respond to threats in the environment
• Will be part of the on-call rotation to provide support on nights and weekends if needed
• Serves as a member of the team and as a mentor to other information security team members as needed
• Assesses the current information security program and makes recommendations regarding improvements

Qualifications

• Bachelor's degree in related field or equivalent experience
• 10 or more years of work experience in IT
• 3 or more years of experience with utilizing a vulnerability scanner such as Nessus, Nexpose, Qualys, etc.
• 2 or more years of proven pen-testing experience in an Enterprise environment
• In-depth knowledge of pen-testing methodologies
• Relevant industry experience with a technical background
• Must have a deep understanding of Windows and Linux operating systems
• Must be willing to participate in an on-call rotational schedule
• Must be willing to perform pen-tests after-hours based on requirements of outside vendors
• Continually follow the threat landscape to stay on top of the latest vulnerabilities
• Pen-testing
• Vulnerability Management
• Web Application Testing
• Incident Response
• Computer Forensics
• Malware Analysis
• Ability to code in .NET or PowerShell

Preferred Skills

• Certified Information Systems Security Professional (CISSP)
• Any leading penetration testing certification - OSCP, eWAPT, eCPPT, GPEN, etc.
• Experience with vulnerability scanners
• Coding experience to include Powershell, .NET, C/C++, etc.