Our client, a leading finance company, is hiring a Vulnerability Assessments Contractor on a contract basis.
Job ID #: 80879
Work Location:
Fort Lauderdale, FL
Summary:
The Vulnerability Assessments Analyst - Red Team Contractor role will participate in the Adversary Emulation program by assisting with our Special Projects Tiger Team. This team will be performing internal network and application reconnaissance looking for violations and observations and reporting those up for remediation.
These contractors are required to assist with a Tiger Team effort in response to a regulatory observation around sensitive data being stored by employees. The contractors will assist with discovery and remediation efforts.
Responsibilities: • Support the client's Red Team in Penetration testing reconnaissance of internal data repositories. • Conduct searches of electronically stored data to extract relevant data efficiently. • Prepare data for internal review and reporting. • Reporting on identified findings. • Work closely with data and control owners on remediation. • Demonstratable knowledge of reconnaissance tools and regular expression to identify data. • Conduct root cause analysis on issues and provide guidance on corrective actions leveraging risk and impact action. • Reduce risk by analyzing the root cause of issues, their impact, and required corrective actions. • Assist in assessing risk when making business decisions.
Required Qualifications: • 1-2 years' experience or equivalent knowledge and exposure are required with most of the following: • Regular Expressions • Scanning Tools • Data Mining Tools • Data Repositories (Confluence, Bit Bucket, Github, etc) • Offensive security testing tools: Cobalt Strike, Red Team Toolkit, etc. • An understanding of OSI model • Security devices: Firewalls, VPN, AAA systems • OS Security: Unix/Linux, Windows, OSX • Understanding of common protocols: HTTP, LDAP, SMTP, DNS • Reporting information security vulnerabilities to the business
Education: • Bachelor's degree/University degree or equivalent experience • Industry-accredited security certifications preferred but not required (e.g. PNPT, OSCP, GXPN, GPEN, GCIH, GWAPT, GCFA)
This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.