Must have experience with Security Testing for Web Applications.
· Identify, document, and provide background for key decision makers regarding information risk.
· Develop and drive execution of the management of information risk utilizing mechanisms to track the identification, remediation or acceptance of risk decisions.
· Become an advocate of Client Information security policies, standards, and processes
· Drive remediation of security risks including prioritization and tracking of vulnerability data
· Partner with technology/application owners and information security teams to enhance remediation and exception efforts.
· Research industry best practices for most effective tactical security practices.
· Assess vulnerabilities; determine and initiate the required remedial action and/or training needs.
· Measure vulnerability metrics, define and measure success in regard to vulnerability remediation, security tool adoption and training.
· Identify operational roadblocks to ensure timely remediation and countermeasures.
· Maintain an understanding of information security threats and possible impacts to the enterprise
· Assist others in interpreting, understanding, and applying information security policies and standards
· Work closely with other members of the Information Security organization in a collaborative and goal-oriented manner
· Other duties as assigned
· BS degree in a technical field or 2+ years of relevant experience
· 3+ years of experience in two or more of the following: network vulnerability assessments, web application security testing, network penetration testing, red teaming, risk assessments, IT/IS audit, or security operations
· Excellent professional communication skills (customer service and/or sales experience is a plus)
· At least one year of documenting and implementing security policies, standards, and/or controls (experience in gap analysis preferred).
· Proven ability to think logically and strategically about technical solutions to security gaps.
· Excellent analytical and problem-solving skills.
· Strong knowledge of information security best practices for infrastructure (networks, servers, cloud), databases, and application security.
· Excellent collaboration skills – must be eager to work as part of a cohesive team and work as a partner to other teams within Client, Inc. both at WHQ and globally.
· Comfort working with ambiguity is a must.
· Exceptional communication skills, including the ability to gather relevant data and information, actively listen, dialogue freely, verbalize ideas effectively, negotiate tense situations successfully, and manage and resolve conflict.
· Passion for the Client brand and for an innovative, Just Do It work environment.
· Strong understanding of network protocols and architecture fundamentals
· Strong understanding of cloud computing and virtual infrastructure environments
· Experience programming in at least one of the following: Python, Ruby, R, Bash, C or C++, C#, or Java, including scripting and editing existing code
· An understanding of regulatory requirements and how to measure compliance
CEH, ECSA, GSEC/GCIH/GCIA/GIAC, CISSP, or other similar certifications desired