ISA - Information Security Analyst (Penetration Testing Specialist)
Job description:
Information Security Analysts perform vulnerability risk assessments of enterprise networks with the intent to enumerate security related threats and assign appropriate risk values. Secondarily, ISA’s perform Penetration Testing of perimeter, intermediate, and internal networks through logical, technical and Social Engineering methods. Additionally, ISA’s review the enterprise security posture and determine and recommend remediation strategies based on appropriate standards and guidelines. Finally, ISA’s are responsible for the information gathering, documentation of findings and evidence, report writing, and presentation of findings to senior managers and IT staff with the intent to assists clients in attaining highly secure enterprise networks.
Responsibilities:
- Perform vulnerability and Attack & Penetration assessments in traditional and wireless networking environments.
- Perform discovery and scanning for open ports and services.
- Apply appropriate exploits to gain or expand access as necessary.
- Application penetration testing and application source code review.
- Interact with the client as required throughout the engagement.
- Modify existing documents such as scopes of work and rules of engagement
- Produce reports documenting discoveries during the engagement
- Debrief the client at the conclusion of each engagement
- Participate in research and provide recommendations for continuous improvement.
- Penetration testing of traditional and non-traditional networks.
- Information gathering, report writing and presentation.
Requirements:
Candidates will demonstrate their ability to perform the following tasks in a computer lab simulation as well as through written exams at the time of interview:
- Demonstrate strong understanding of Linux, Windows, networking, telephony and wireless security skills management and penetration skills.
- Security testing of Enterprise networks through ethical hacking.
- Application security source code assessments.
- Demonstrated understanding of TCP/IP networking.
- Excellent written and verbal communication skills.
- Manual Attack & Penetration testing experience with commercial and open source tools.
- Ability to perform Social Engineering (impersonations, pretext calling, and Identity spoofing)
- Demonstrated ability to utilize both manual and automated attack methods to assess and penetrate perimeter, intermediate and internal traditional and wireless networks.
- Demonstrate understanding of a standards based approach to enterprise networking.
- Demonstrate ability to identify security related deficiencies and to formulate and present sound recommendations for remediation.
- Demonstrate the ability to communicate clearly, to both technical and non-technical audiences, risks, threats, and vulnerabilities identified during assessments.
- Demonstrate a comprehensive understanding of security processes for installation, management, monitoring and response of enterprise networks.
Candidates must be able to pass thorough background investigation for employment and subsequent Government Security Clearances.
Certifications:
Network Plus or CCNA, and CEH or CPTS
Preferred: CISSP, CIA, CISA
Experience:
5 plus years verifiable computer related experience with minimum of 2 years in a security or auditing capacity.
Travel:
50-75% (Road Warrior)
Local Candidates only No phone calls
Candidates with existing security clearances will be given priority.
Resumes with cover letter may be submitted for consideration to careers@esureity.com in Microsoft Word or PDF format only.