Are you a Cyber Security Associate who has a thorough understanding of information security frameworks, ERP and cloud-based applications, and information system auditing and vulnerability assessment techniques? Do you have 3+ years of experience in incident response, vulnerability assessments, penetration testing, ethical hacking, security architecture design? If so, read on and let's talk.
Responsibilities: Seeking a Cyber Security Senior Associate who will work with both large and small companies to review their information system and network security. The Cyber Security Associate will partner on advisory services project teams to assess and improve our clients' IT environments, procedures, and controls related to their regulatory compliance and strategic objectives.
- IT security risk assessment frameworks, including implementation experience
- IT security industry and regulatory requirements, including participating in audit or remediation activities for requirements such as PCI-DSS, Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA) and Meaningful Use, SSAE-16 SOC 2, etc.
- IT governance and security-related frameworks, such as COBIT, NIST 800-53, ISO27000, and current cyber security trends
- Conducting IT security technical and functional assessments, including drafting observations and recommendations, and assisting with remediation activities
- Performing wireless, internal and external network, and web application vulnerability and penetration testing, and the ability to document technical observations and recommendations
- Vulnerability and penetration testing standards such as OWASP Top 10, DoD or NSA
- Some scripting knowledge (Windows, Unix, Bash, Python, Perl or Ruby)
- Security policies, tools and technology, including Identity and Access Management, Data Loss Prevention (DLP), SIEM solutions, Firewall, Web Proxy, Anti-Virus, and Application Whitelisting solutions
- Conduct technical security vulnerability and penetration testing assessments on our clients' web applications, wireless, internal and external networks, and provide actionable and risk-prioritized observations and recommendations
- Complete the assigned IT security and application controls on 1-3 project teams, within the given budget with minimal supervision by:
  - Creating system narratives, identifying key controls, and concluding on design and operating effectiveness of key controls.
  - Demonstrating clear and concise writing and verbal skills to communicate complex issues in simple terms to clients and team members.
  - Producing quality deliverables evidenced through minimal review time and review notes.
  - Actively improving technical and project management skills through on-the-job feedback, performance evaluations, mentoring and firm-sponsored formal training programs including monthly CPE and Subject Matter Expert (SME) training.
  - Responding to client needs and balancing the competing priorities with minimal client disruptions, while maintaining project progress.
- Bachelor’s degree is required in a related field; information systems or computer science preferred
- 3+ years of experience in incident response, vulnerability assessments, penetration testing, ethical hacking, security architecture design, including supervisory experience, is required
- 2+ years of hands-on application and web application security experience
- Certification(s) Preferred: CPTC, CPTE, GPEN, CEH, CISSP, CISM or CISA
- Must have a willingness to learn and support IT internal audit, SSAE16 – SOC 1 Type II and Sarbanes-Oxley projects
- Strong experience in performing application penetration testing, as well as using techniques and tools such as Cenzic, Wireshark, Kali Linux, NMAP, Burp Suite, etc.
- Must be able to articulate complex and technical information to a technical and non-technical audience
- Ability to understand IT risks and implications to the business, identify weaknesses and recommend solutions
- Self-directed, with the ability to thrive in a fast-paced and collaborative environment
- Flexible, team player and deadline oriented
- Flexibility to travel to clients within the greater Los Angeles Area