IT Security Analyst with Network Protocol Penetration Testing, PSIRT and vulnerabilities identification

Hello Professionals,

We are looking for an IT Security Analyst at Cary, NC for a contract opportunity. Please find the below job description and apply for the job if you are interested.

Role: IT Security Analyst

Location: Cary, NC (Hybrid)

Mode: Contract

Mandatory Skills : Network Protocol - L3 Protocols, Network Protocol Penetration Testing, PSIRT and vulnerabilities identification

Good to Have Skills : Packet Core and Policy Control

Cloud Security Analyst

Reporting to the IT Security Manager the IT Security Analyst is a position based in North Carolina

Responsibilities

Hands on experience on security testing tools such as Burp Suite Mimikatz Cobalt Strike PowerSploit Metasploit Qualys Web Inspect or other tools included within the Kali Linux distribution

Experience in security assessment activities within a clients environment emphasizing manual stealthy testing techniques using commercially freely available offensive security tools and utilities built into operating systems

Work closely with technical teams to assess the security posture of systems and applications through vulnerability assessments and penetration testing

Good understanding of cloud technologies and its security best practices

Finetune WAF policies and configurations to optimize security while minimizing false positives

Configure deploy and maintain Web Application Firewalls WAF in production and development environments

Coordinating investigations and reporting of security incidents related to Network Systems and applications

Coordinate and execute IT security projects for client at multiple locations

Engage in security research in keeping abreast of the latest security issues for Cloud enabled enterprises including SAAS and IAAS

Monitoring system compliance with the IT framework for controls and levels of access recommending improvements

Collaborate with other groups inside the client to manage security vulnerabilities and help manage risks

Administer securitydedicated systems Software Firewall management EDR NDR log collection reporting analytics Cloud Security consoles as appropriate

Experience with CSPM tools such as WIZLacework Google Security Command Center

Terraform CloudFormation Forseti and other similar tools experience is highly desired

Conduct and collaborate on laptop and server forensics as well as Cloud Service Provider forensics with the global security team

Perform other related duties as assigned

Qualifications

BA or BSc in Computer Science Management Information Systems Information Assurance or related field

Advanced degree desirable

Must have 6 years of progressive experience in computing and information security

Knowledge of common adversary tactics and techniques eg obfuscation persistence defense evasion etc

Knowledge of Mitre ATTCK framework preferred

Good knowledge of security fundamentals Networking protocols TCPIP stack systems architecture and operating systems

Must have practical experience in Privacy Controls and implementing them in a corporate environment

Expert knowledge is desired of laptop operating systems MacOS Windows and Linux

Proven project management experience a bonus specifically experience in managing remote office configuration and bringing up and working with remote offsite vendors

Experience working in a large cloud or Internet software company

Business Application security analysis and practical experience is a plus eg SFDC NS SiSense

CISSP GIAC or other security certifications desired

Knowledge of information security standards eg ISO 1779927002 etc rules and regulations related to information security and data confidentiality eg FERPA HIPAA etc and desktop server application database network security principles for risk identification and analysis

This position requires some weekend and evening assignments as well as availability during offhours for participation in scheduled and unscheduled activities