Cyber Defense Infrastructure Vulnerability Senior Specialist
- Barrington, RI
In this hands-on role on the Cyber Defense - Infrastructure Vulnerability Management Team, you will be responsible for performing vulnerability, compliance scanning and analysis to aid Citizens in assessing the vulnerability portfolio and posture of its assets and reducing the attack surface for exploitation.
Working closely with business lines and infrastructure teams, you will contribute to the effort to identify, track and remediate the open vulnerabilities (technical Vulnerabilities or build compliance deviations) on systems that store, process or display Citizens data.
You must understand technology operations as well as security operations and have a keen understanding of the concept of mitigating and compensating controls.
Location is not a barrier for this role and while our preference would be to have a chosen candidate with onsite capabilities in one of our corporate headquarters - we are open to remote employment within the United States for an experienced candidate.
- 5 or more years of progressive security industry experience with knowledge and experience required in the areas of security assessment and vulnerability scanning, risk based threat analysis and security mitigation techniques Knowledge of Cloud (AWS, Azure, etc.) and how to secure them Knowledge of Containers and Container Orchestration solutions Expert understanding of various operating systems (Window, UNIX, Linux, AIX, etc.) with an emphasis on vulnerability assessment and hardening. Subject matter expertise in at least one of the operating systems is required Knowledge of configuration management, change control/problem management, exception management and security baselines (e.g. CIS Baselines, NIST, vendor security technical implementation guides, etc.) Knowledge of networking fundamentals (all OSI layers) Must be well versed in at least one scripting language Ability to demonstrate manual testing experience including all of OWASP Top 10 Experience with QualysGuard Vulnerability Scanner including its API, Vulnerability Management (VM), Policy Compliance (PC), CloudView, AssetView, Cloud Agent, and other modules Demonstrated experience with common penetration testing and vulnerability assessment tools such as nmap, Wireshark, Nessus, NeXpose, Kali, Metasploit, AppScan, WebInspect, Burp Suite Professional, Acunetix, Arachni, w3af, NTOSpider, ZAP Proxy, IronWASP Solid understanding of CVSS, CVE, CWE, CPE, CCE, CWE, OVAL, SCAP and other standards
Education, Certifications and/or Other Professional Credentials:
- Bachelor's degree ( Degree in Computer Science, Computer Engineering or the like preferred) One or more relevant security certifications (LPT, OSCP, GWAPT, GWEB, GCIA, GSNA, GCIH, CISSP, CISM, CISA, CEH, GIAC, GPEN, GCED, Security +)
Hours & Work Schedule
Hours per Week: 40
Work Schedule: Monday through Friday
Back to top