Principal IT Security Analyst - Penetration Testing
Company: iCST
Location: Lakeland
Posted on: May 6, 2024
Job Description:
The job responsibilities for this position are:
- Leading moderate to large size application, system, and network
penetration tests to verify that security defenses, standards, and
best practices are properly and effectively implemented.
- preparing and documenting, and delivering the results of scans
and tests to associates responsible for remediation
- planning, documenting, and tracking remediation activities
- responsible for providing security consultation to I/S and
other Publix business areas typically on SOX, HIPAA, and PCI
regulations and highly sensitive systems and architectures
- performing penetration tests on new IT solutions against
security best practices to determine gaps and suggest options for
remediation
- responsible for development and documentation of requirements
and design for moderate to large security solution components,
including rules, dashboards, as well as scripts to facilitate
penetration testing activities
- responsible for providing leadership and work prioritization
for security tabletop and purple teaming projects
- responsible for maintaining personal business and technical
knowledge to train others in IS
- responsible for planning activities within the Security
Assurance Penetration Team
Required Qualifications
- must have a Bachelor's Degree in Management Information
Systems, Computer Science, or other technical/analytical
disciplines, or equivalent experience,
- must have at least four years of experience in IT security in
one or more of the following areas, enterprise network & host
penetration assessments, network & host penetration tools and
methods, remediation management
- Six or more years of experience in one or more of the
following: Active Directory Penetration Testing, Red Team
Operations, Purple Team assessments, Mobile and/or Web Application
assessments, Phishing.
- Six or more years of experience in one or more of the
following: Kali Linux, Cobalt Strike, Metasploit, Bloodhound,
BurpSuite, Nessus.
Preferred Qualifications
- Experience in AWS or Azure penetration testing.
- Experience in MITRE Telecommunication&CK Tactics and
Techniques such as performing defense evasion techniques against
modern AV/EDR solutions
- Experience in Command and Control (C2) infrastructure setup
such as creating/registering domains, setting up redirectors,
etc.
- Continued education including additional or advanced degrees in
analytical, technical, or business discipline,
- six or more years of experience leading and performing
vulnerability/remediation management, vulnerability assessments or
penetration testing of mobile, web, and in-house systems and
applications in a large, distributed environment,
- six or more years of experience automating dashboards and
reports to collect, organize, analyze, and distribute enterprise
scanning tools data,
- strong interpersonal and leadership skills including experience
in organizing, planning, and executing large scale,
cross-functional efforts,
- strong understanding of Windows, Linux/Unix, and Cloud
architectures including secure configuration of these operating
systems and environments,
- strong understanding of networking infrastructure components
and protocols including wireless, firewalls, and/or network-based
intrusion detection/prevention,
- strong understanding of ethical hacking methodologies,
frameworks, and industry resources, e.g. OWASP, OSSTMM, NIST,
SANS/CWE, to maintain, improve, and benchmark the Penetration
Testing Program is desired
- One or more of the following certifications: GIAC Penetration
Tester (GPEN), Offensive Security Certified Professional (OSCP),
Certified Red Team Operator (CRTO), Offensive Security Experienced
Penetration Tester (OSEP)
Keywords: iCST, Orlando , Principal IT Security Analyst - Penetration Testing, Professions , Lakeland, Florida
Didn't find what you're looking for? Search again!
Loading more jobs...