The Friedkin Group
Receive alerts when this company posts new jobs.
Threat and Vulnerability Engineer
at The Friedkin Group
The Threat and Vulnerability Engineer serves as a subject matter expert on Windows server and PC vulnerability analysis and remediation. This includes implementing automation improvements to drive enterprise wide recurring scans as well as being able to conduct in depth manual testing. The ideal candidate will combine expert level technical skills with the ability to lead program development efforts. They will be responsible designing and implementing a comprehensive server security program. The Threat and Vulnerability Engineer will assess server security by performing security testing, participate in design reviews and work in partnership with server operations teams to development appropriate server security controls. Familiarity with automated patching solutions and patch management programs is needed as this role will help support patching operations teams. This position requires extensive experience in server security on Microsoft platforms, security testing, risk analysis, vulnerability remediation, and project management. Threat and Vulnerability Engineer will also support third party assessments activities. You will need to work both interdependently and effectively as a member of cross functional teams. Work will also include assisting the IT Security team in security operations activities as needed.
- Perform serverand PC security testing for development and production environments
- Perform manual system reviews as required
- Provide remediation guidance including identifying patches, configuration controls and compensating controls
- Identify and resolve any false positive findings in assessment results
- Monitor threat and vulnerability data sources for emergent risks
- Communicate significant new risks and oversee response initiatives
- Assist server administrators in designing, developing and implementing integrated security solutions
- Support system hardening and patching efforts
- Produce metrics and reporting on the state of system security
- Conduct securityrisk analysis of business and technology projects
- Participate as needed in documenting securitystandards, guidelines, policies and procedures
- Act as serversecurity resource on assigned projects
- Develop and/or deliver serversecurity focused training
- Assist in incident response
- Support security operations and security team tools and services
Does not manage people but may lead projects.
- Bachelor's degree in Computer Science, Computer Engineering, Information Security, Information Technology and 5 year's work experience in server security analysis and remediation; or equivalent combination of education and experience.
- Experience with Rapid7 or similar automated scanning tool
- Manual configuration analysis and vulnerability testing experience
- Experience working closely with operations teams
- Experience with interpreting policies and appropriately applying them to projects
- Experience writing technology specific best practices
- Experience with WireShark, Kali Linus and Metasploit and similar security testing tools
- Competent in Linux administration and use
- Experience coding enhancements for tool automation in languages like C#, C++ and Python
- Experience creating custom power shell scripts
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed above are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
CERTIFICATES, LICENSES, & REGISTRATIONS
- OSCP, CREST, CEH or similar certification desired
- CISSP preferred
The physical requirements described here are representative of those that must be met by an associate to successfully perform the essential functions of the job. While performing the duties of the job, the associate is required on a daily basis to analyze and interpret data, communicate, and remain in a stationary position for a significant amount of the work day; and frequently access, input, and retrieve information from the computer and other office productivity devices. The associate is regularly required to move about the office and around the corporate campus. The associate is occasionally required to travel to other sites, including out-of-state, where applicable, for business. The associate must frequently move up to 10 pounds and occasionally move up to 25 pounds.
The work environment characteristics described here are representative of those an associate encounters while performing the essential functions of this job. While the job is generally performed in an office environment, the associate is occasionally exposed to wet and/or humid conditions, areas in which moving mechanical parts, fumes, toxic or caustic chemicals are present, and outside weather conditions. The noise level in the office environment is typically quiet, but the associate may be occasionally exposed to loud noise levels.
Minimal travel is required for this position (up to 20% of the time and on a domestic basis).
Is legally able to work in the United States.
The Friedkin Group and its affiliates are equal opportunity employers and maintain drug-free workplaces by conducting pre-employment drug testing