Job Type: Contract
- Performs discovery scanning via the Vulnerability Management Platform (scheduled and ad-hoc)
- Provides gap analysis to compare the list of known resources so gaps can be investigated and owners identified
- Identifies resource types (e.g. router, desktop computer, server, network switch, firewall, etc.), operating systems, and whether active services are “Enterprise” level
- Tracks via remediation management system and provides a wiki-style format to capture recommendation, analysis and facts, and links to other research
- Populates data visualization tool (such as Tableau, Brinqa, and Hygieia) for reporting vulnerability metrics by system and owner
- Researches vulnerabilities to determine attack vectors and possible vulnerable targets and launches specific scans and reports for that vulnerability in VM scanning tool(s).
- Coordinates with business, IT teams, and Technology Risk Management (TRM) to remediate compliance findings in a timely manner while addressing risk reduction objectives
- Defines, manages, and measures security configuration baselines in line with internal policies/standards and CIS benchmarks
- Defines and manages cloud specific technical security policies (CSA security guidance)
- Bachelor’s degree in Computer Science, Computer Engineering, Technology, Information Systems (CIS/MIS), Engineering or related technical discipline, or equivalent experience/training
- 3 years of hands-on technical security engineering experience
- Certifications: CISSP, CISM, CISA, CEH, GCIH, GSEC, GCFA, GREM, CCENT
- Ability to install, configure, troubleshoot, and administer VM Platform(s). (Ex.Tanium, Tenable, Coverity, Brinqa, etc.)
- Experience with Tanium programming or creating custom configurations within Tanium
- Experience with dynamic and static code analysis experience (e.g. QualysWAS, SAST tools, Tenable)
- Experience with security configuration checklists (e.g. CIS Benchmarks and CSA security guidance)
- Familiarity with NIST Special Publications (e.g. 800-171,800-53, CSF)
- Familiarity with PCI DSS Compliance standards and scanning practices
- Ability to code and script Python, SQL, BASH, or PowerShell
- Ability to configure and use technical assessment tools such as Tanium Comply and Tenable Nessus
- Deep understanding of the technical architecture of IT systems built using Windows, UNIX, Linux, Solaris, VMware, Citrix, Oracle, and MySQL platforms
- Experience and knowledge in cloud and Kubernetes environments. (Azure Kubernetes Service, IBM Kubernetes service, Oracle Cloud Infrastructure, etc..)
- Experience in DevOps Toolchain methodologies, including Continuous Integration and Continuous Deployment
- 5+ years of hands-on technical security engineering experience
- Ability to explain technical concepts and adjust messaging based on the audience, including non-technical groups; strong presentation and technical documentation skills
- Ability to influence through outstanding interpersonal skills, collaboration, and negotiation skills
- Ability to work well within a team environment, as well as independently
- This is a contract opportunity with optional benefits including medical/dental/vision, 401(k), life insurance, etc.
- We can facilitate W2 and corp-to-corp (C2C) consultants. For our W2 consultants, we offer a great benefits package that includes medical/dental/vision benefits, 401(k) with company matching, and life insurance.
Established in 1998, Ntelicor provides hard to find IT talent and flexible staffing and IT solutions to Fortune 50 and companies of all sizes. We dedicate ourselves to our clients’ unique needs and rapidly and efficiently deploy our specialists and solutions. As our team continues to grow, we look forward to providing our clients and our people with extraordinary value and service for years to come.
This job not for you? Refer your friends! If we hire a candidate you refer, you can earn up to $1,000 per referral.