The Associate will assist in generating reports and automating data integration for vulnerability assessments and penetration testing activities. The candidate must possess hands-on experience with information security technologies and concepts such as Vulnerability Management, CVE (Common Vulnerabilities and Exposures), and Risk. A strong understanding of IT and IT security technologies, including authentication, authorization, logging, event and incident management, is required. Additionally, the role demands solid project management and time management skills to effectively manage tasks and deliverables.
Objectives of this Role
- Must have expertise in leading vulnerability assessment or penetration testing tools, such as Nexpose, Nessus, and Metasploit.
- A strong understanding of HTTP request/response construction and the ability to manipulate them for successful vulnerability exploitation is highly beneficial.
- Hands-on experience with Metasploit is a plus.
- Capable of analyzing false positives and identifying Zero-Day vulnerabilities.
- Conduct security assessments through thorough vulnerability testing and risk analysis.
- Continuously stay informed about and evaluate emerging security technologies.
- Solid understanding of system-level attacks, mitigation methods, and core competencies in both Windows and Linux environments.
- Familiarity with managing Windows domains, firewalls, VPNs, intrusion detection systems, and enterprise-level IT infrastructure.
- Engage in ongoing security research to analyze both new and existing vulnerabilities.
- Enhance internal processes by automating tasks currently done manually.
- Collaborate with asset owners and stakeholders to implement response plans and educate them on vulnerabilities and their impacts.
- Foster strong relationships with IT teams and stakeholders.
- Support the documentation of newly identified vulnerabilities as accepted risks.
- Strong oral and written communication skills are essential.
- Knowledge of security rating and application security testing tools is advantageous.
- Proficiency in Linux command-line tools and scripting (e.g., bash, cron jobs) for security tasks is required.
- Ability to utilize Windows tools and commands (e.g., PowerShell) for security assessments and mitigations.
Tools
- Nexpose or any Vulnerability Management (VM) tool
- OpsRamp, GLPI, Infoblox, or any other asset management tool
- Any Cloud-Native Application Protection (CNAP) tools
You'll Need To Have
- Bachelor's degree in a science or related field.
- Strong understanding of IT security concepts and technologies, with a focus on security solutions.
- 2-3 years of hands-on experience in vulnerability assessments and penetration testing.
- At least 1 year of experience working in an IT-related role.
- Over 2 years of experience in an information security role.
- Strong oral and written communication skills, as well as effective listening skills.
- A proactive, team-oriented individual with a positive attitude, able to work well under pressure and collaborate with globally dispersed teams.
- Certifications such as CISSP, CISM, CEH, or technical credentials (e.g., Cisco, Juniper, Microsoft) are a plus.