|Company||MHI Shared Services Americas|
|Preferred GIAC Certifications||GPEN, GSEC, GISP|
|Contact Name||Felicia Whitford|
About the Job
Our organization is dedicated to securing a variety of businesses, and we are seeking a passionate, intelligent, curious, and diligent professional to join our security team. Our team collaborates with leadership and IT teams, and your integrity, good judgment, and competency will reflect our organizational goals. You will act as key resource for a variety of security assessments across multiple organizations in the western hemisphere, with a primary focus on red and purple team.
If you are excited about information security in general, and vulnerability assessments, cyber hygiene, and penetration testing in particular, this role is for you.
You should be a problem solver with strong knowledge of information security.
You will get to exercise your knowledge about attack vectors and techniques to help protect multiple enterprise environments, and advise and implement security controls. We will expect you to be current on vulnerabilities and threats so you can help our team and our customers focus on effectively improving security and reducing risk.
You should have experience with the tools of the trade, and have some experience implementing security controls, and working with IT infrastructure, servers, endpoints, or networks. If you have worked in Azure, that will be extraordinarily helpful.
You will be responsible for building presentations where you can distill complicated topics into human readable materials.
Job responsibilities include
Participate in red, purple, and blue teams.
Lead vulnerability assessment & management, cyber hygiene and health checks, penetration testing, general security assessments, vendor risk assessments, third party tests/assessments/audits, and regulatory tests/assessments/audits.
Timely, clear, and complete communication and documentation.
Teamwork and collaboration with system owners, business process owners, and colleagues in IT.
Identify, prioritize, and respond to risks based on standards, good judgement, and organizational priorities and requirements.
Prepare, analyze, and summarize material for a senior management audience.
Respond to high priority security incidents.
Skills and Qualifications
Experience with vulnerability management processes and technologies.
Experience with penetration testing and associated tools.
Experience coordinating and/or performing and/or an ability to learn the many, if not all, of the types of security assessments described herein.
Experience with Active Directory, GPO, Windows (architecture, standards, networking, and firewalls), and networks.
Experience with Azure is highly desired.
Follow industry best practice methodologies for security assessments and testing.
Experience with common scripting languages (PowerShell, python) and using them for automation.
Familiarity or experience with one or more of the following: recon, exploitation, post-exploit activities, evasion techniques (AV, IDS, etc.), ATT&CK, IR, or forensics.
Knowledge of OSI layers.
Phishing, OSINT, and social engineering.
Ability to review and validate findings of tools and third parties.
Continuous pursuit of professional development opportunities, including external and internal training, professional association memberships, community involvement, and internal information sharing/cross-training.
The ability to work on multiple projects concurrently and a commitment to providing exemplary customer service.
Technical writing and presentation skills.
Strong knowledge of the true tools of the trade: Excel, Visio, and PowerPoint.
Comfortable working in small ad hoc teams and having your work be subject to their review.
A valid driver’s license.
Ability to travel internationally (North and South America)
Work Habits and Productivity Expectations
Due to the nature of some security assessments, flexibility with working hours is important.
Complete work in a timely manner with a high degree of quality.
Track billable hours and internal time as required.
Plan and coordinate projects, travel, and related activities.
Be excited and open about collaboration.
Consult with team members in infrastructure, applications, service desk, et al, to ensure their concerns are understood, and that you are understood so we can succeed at reducing business risk.
Collaborate with other teams to improve security overall.
Participate in or lead tabletops or other training.
Stay up to date on security best practices and vulnerabilities.
We encourage contribution to the research and development of tools, as well as participation in the information security community.