Ultrasound Technologist

RadNet

Apache Junction, AZ

Scheduler

RadNet

Mesa, AZ

Hospice Aide CNA

Addus

Conroe, TX

Vibration Mechanic Maintenance (No Per Diem)

Brown & Root

Maysville, KY

Credentialing Specialist

DuPage Medical Group

Downers Grove, IL

Now Hiring! T-Mobile - Kearns - Store Manager - $500 Sign on Bonus

MobileOne

Salt Lake City, UT

Sewing Operator - National 11th Ave., Jasper, IN

Kimball International

Jasper, IN

Upholsterer - National 11th Ave, Jasper, IN

Kimball International

Jasper, IN

Sales and Service Expert

24 Hour Fitness

Burbank, CA

Registered Radiology Technologist (Days)

Tanner Medical Center

Villa Rica, GA

Registered Nurse - Med/Surg (Nights)

Tanner Medical Center

Villa Rica, GA

Registered Nurse - Float Pool (Nights)

Tanner Medical Center

Villa Rica, GA

Certified Nurse Technician - ICU (Days)

Tanner Medical Center

Villa Rica, GA

Unit Secretary - Emergency Services (Days)

Tanner Medical Center

Carrollton, GA

Registered Nurse - Medical/Oncology (Days)

Tanner Medical Center

Carrollton, GA

Print Tech - Third Shift

1-800 Flowers

Hebron, OH

Sales and Service Manager

24 Hour Fitness

Yorba Linda, CA

Sales and Service Associate

24 Hour Fitness

Portland, OR

TEMPORARY Administrative Assistant

Mosaic

Grand Island, NE

Community Relations Manager

Mosaic

Waukon, IA

Domain Engineer III – Cybersecurity (Senior Penetration Tester)

Sempra

Los Angeles, CA

Not provided

$100,800 - $151,200

2 months ago

Job Description

Primary Purpose



The Senior Penetration Tester conducts penetration tests to proactively manage risk and support IT strategic priorities of application security and cloud security. Conducts penetration tests of applications using both black box and source code review methodologies, as well as penetration tests of cloud environments (AWS and Azure).

 

Duties and Responsibilities Identifies enterprise-level cybersecurity threats and risks with teams monitoring operational tools in order to reduce risks and vulnerabilities to enterprise. Supports design and evaluating cybersecurity technology and technology tools according to delivery framework for business-critical functional areas, providing expertise and insight to mitigate cybersecurity risk and propose controls. Supports product teams with operational oversight and cybersecurity engineering consulting. Contributes to development of relevant applications and systems. Mitigates risk by integrating cybersecurity earlier in development lifecycle, embracing a continuous monitoring approach in parallel with product teams. Writes documentation for implementations of cybersecurity systems or technology, documenting process and contributing to reports on potential enhancements and proposed controls. Evaluates needed technical capabilities and assists in selection of cybersecurity technology (systems, platforms, or networks) with an emphasis on automation to enable strategic capabilities, including risk assessments and process reviews. A capability is a function or service primarily focused on setting enterprise standards or directions and/or running reliable business as usual operations (e.g. a cross-product team such as Quality Assurance or Compliance). Contributes to recommendations to mitigate identified risks. Consults with other teams to provide cybersecurity input regarding system, platform or network enhancements for greater risk mitigation. Partners with other engineers and architects to document cybersecurity impacts are meet performance needs. Provides insights for delivery teams to support adherence to operating company standards and policies. Performs analysis and assessment of cybersecurity related capabilities, ensuring adequate performance, risk assessment, and capacity management. Supports maintenance of cybersecurity systems and related technology tools. Delivers work in accordance with an agile mindset (a mentality supporting new ways of working emphasizing incremental delivery, value prioritization, often using scrum process). Assists in incremental value creation and business agility, adopting scrum or kanban methodologies as appropriate to their team. Kanban and scrum are frameworks used for organizing work in an agile way, focused on managing the flow of knowledge and operational work and driving continuous improvement for a team. Performs other duties as assigned (no more than 5% of duties).
Education Bachelor's Degree Information Systems, Software Engineering, Computer Science, related field or equivalent training and/or experience. Required

Experience 4 years - Progressive experience working within IT and/or enterprise cybersecurity with experience in cybersecurity process, risk assessments, and troubleshooting of systems. Required 2 years - Experience working with cybersecurity and technology, with experience in endpoint security, network security, risk management, and/or application security. Significant experience performing vulnerability assessments and/or remediating security vulnerabilities, and developing security capabilities. Required 4 years - Experience with National Institute of Standards and Technology (NIIST) Cybersecurity Framework (CSF) or Risk Management Framework (RMF) such NIST 800-53 Preferred 2 years - Experience with hands-on development and programming of software and systems. Preferred

Skills and Abilities Required: Cybersecurity Acumen - Knowledge of cybersecurity design and architecture (application, data, and technical) with understanding of how systems and processes work together as aligned to business and IT imperatives Intermediate Cybersecurity Engineering - Ability to deliver holistic support to secure systems, identifying threats and vulnerabilities in systems and applications, creating security applications and solutions, designing for resiliency and security to enhance security capabilities protecting data from theft, compromise or attack. Intermediate Cybersecurity Risk Assessment - Ability to evaluate existing systems and solutions for security risk and vulnerabilities, designing solutions and systems that provide quality and traceability of risk data and analytics to inform security recommendations. Intermediate Application Security - Ability to define and operate secure application programs, as well as perform security reviews and tests of applications to meet security and compliance requirements while minimizing the risks of losses through exploitable security defects in applications. Beginner Vulnerability Management - Ability to perform security reviews and tests to meet security and compliance requirements while effectively minimizing the risks of losses through exploitable security vulnerability. Beginner DevSecOps Practices - Strong understanding of automation and security concepts and processes (e.g., test automation, code coverage, DevSecOps, Continuous Integration / Continuous Delivery (CI/CD) pipelines, etc.), and ability to drive the integration of development, operations, and security into enterprise software development. Beginner Identity and Access Management - Knowledge related to design and delivery of solutions for establishing user, applications and device credentials and processes for applying those credentials to access enterprise systems and applications. Beginner Network Security Skills - Ability to deliver network security services through preventing unauthorized access to network resources (data and voice systems), managing network security related incidents and providing on-going services to maintain network security operations functions (firewall, DNZ, corporate LANs, etc.). Beginner Development Languages - Knowledge and understanding of one or more IT programming languages and database architectures, and ability to write code and develop applications using those languages. Intermediate Preferred: Software Delivery Frameworks – Strong knowledge of delivery frameworks such as Agile Scrum, Kanban, and/or Software Development Lifecycle (SDLC); proven ability executing projects in a collaborative, fast paced environment. Intermediate IT Service Management - Ability to manage IT services lifecycle (service strategy, design, transition, operation, continuous service improvement) and use DevOps methodology and tools to analyze results Intermediate

Application security – Ability to conduct black box testing for OWASP Top 10 and other risks, as well as source code review. Strong knowledge of Burp Suite for manual testing (not just automated scanning). Intermediate

Cloud security – Ability to conduct privilege escalation techniques in AWS IAM and Azure, SSO phishing against AWS and Azure environments. Intermediate

Network penetration testing and red teaming – Ability to conduct network penetration testing and red teaming techniques in an Active Directory environment. Intermediate

Licenses and Certifications CompTIA Security+, Global Information Assurance Certification (GIAC) or GIAC Security Essentials (GSEC) Preferred

Other Qualifications May require 24/7 response availability.

BrightJump Recommended Skills

Not available

ADP, Inc.

Copyright © 2021 ADP Inc.

All rights reserved. ADP, the ADP logo and BrightJump are trademarks of ADP, Inc. All other marks are the property of their respective owners.