Job Specifications
You MUST HAVE Penetration Testing experience and know it well!
ESSENTIAL JOB FUNCTIONS
Support Client's Cybersecurity Solutions including performing weekly patch management process, maintain NERC CIP compliance and SLAs, weekly customer calls, and contribute to sustaining the product enhancement.
Lead security activities within the SDLC including Code Reviews, Threat Modeling, SAST, DAST, & SCA.
Lead Penetration Testing on Client's products such as Web, Thick, and API applications.
Conduct periodic security reviews to evaluate the effectiveness of existing security measures.
Collaborate with internal and external stakeholders to ensure technology solutions meet security requirements.
Serve as a Subject Matter Expert (SME) for Cyber Security for other Departments queries, recommendations and needs.
Coordinate with different teams within the organization to ensure software, hardware and network security.
Respond to and mitigate incidents and security threats, performing digital forensics and incident response when necessary.
Maintain Cybersecurity policies, standards, and procedures.
Develop training and guidance materials on security awareness and best practices to other personnel.
Staying up to date with the latest security threats and trends.
Manage and/or contribute to additional security projects and tasks as needed.
Ability to prototype and implement new security tools and technologies.
QUALIFICATIONS
EDUCATION:
Bachelor's degree in Cybersecurity, Computer Science, or related field
REQUIRED EXPERIENCE:
5+ years of experience as a security engineer or equivalent
The ideal candidate will have an in-depth understanding of the NIST based on practical working experience and a functional knowledge of security standards such as NERC CIP, ISO 27001, IEC 62443.
Solid understanding of the OWASP Top 10, OWASP ASVS, and other security frameworks.
Proven cyber security experience with Firewall, Cloud, and SIEM tools (e.g., Azure, Secureworks MDR, Synk, Fortinet, KnowBe4, BitSight etc.)
Expert with manual vulnerability testing, exploit development, and static code analysis, using commercial and open-source penetration testing tools like Burp Suite, OWASP ZAP, Metasploit, SQLMap, etc.
Excellent analytical and problem-solving skills.
High level of attention to detail and quality of work product.
Ability to work independently with minimal oversight and within a team environment.
Strong organizational skills; ability to accomplish multiple tasks within the agreed upon timeframes through effective prioritization of duties and functions in a fast-paced environment.
Strong written and oral communication skills, including the ability to present ideas and suggestions clearly and effectively.
Good judgment, a sense of urgency, and a commitment to high standards of ethics, regulatory compliance, customer service, and business integrity.
PREFERRED EXPERIENCE (Not Required):
Master's degree in Cybersecurity, Computer Science or other relevant technical discipline
5+ years of experience in a security engineer or related role.
2-5 years of hands-on penetration testing experience.
2-5 years' experience using endpoint security tools to investigate.
Operational experience with incident response, vulnerability management, network and security monitoring.
Certification in one or more of the following: CISSP, OSCP, OSCE, GPEN, CEH, Azure, Security+.
Demonstrated enthusiasm for Information Security (e.g. GitHub repo, blogs, presentations, conference talks, local security association member, participated in free skill-building / hacking challenges - SANS Holiday Hack, HackerOne CTF, HackTheBox, etc.).
Demonstrated ability to lead and mentor security team members, fostering continuous improvement and collaboration.
Knowledge of AI security and generative AI systems.
Knowledge of various security and risk assessment tools.
Familiarity with networking protocols and components.
Ability to clearly explain complex security issues to leadership.
Familiarity with regulatory compliance in the Power Industry.
Knowledge, Skills & Abilities
Possess core competencies around security assessments, patch management, and a good understanding of frameworks such as NIST
Strong communication skills
Analytical thinking
Occasional travel up to 10% may be required to support the position's responsibilities
Occasional off hours work may be required