Primary Responsibilities of the Security Specialist I, Global Security Operations Center Role

• To perform network, system and application vulnerability assessments and penetration testing.
• To do pen-source and commercial testing tools including Kali Linux, Nessus, Metasploit, Nmap, Burp Suite Proxy, Wireshark, Kismet, etc. Additionally, must maintain awareness and knowledge of newly released open-source tools and exploits.
• To use various scripting languages such as Python, Perl, PowerShell, Bash, etc.
• To analyze identified vulnerabilities to write clear and concise assessment, penetration testing and compliance reports.
• To configure, administrate, and troubleshoot Operating Systems including Unix/Linux, Windows, iOS, Android, and the various network devices.
• To applies advanced knowledge of concepts, practices, and procedures of IT Security, with awareness of related fields.
• Applies analytical and interpretive thinking to complex problems; determines methods /procedures based on professional judgment to achieve desired outcomes.

Skills/Competencies

• Knowledge of TCP/IP protocols and networking architectures.
• Knowledge of databases, applications, and web server design and implementation.
• Knowledge of security and IT standards, such as PCI DSS v3.0 & NIST SP800.
• Knowledge of the National Vulnerability Database (NVDB) & the Common Vulnerabilities and Exposures List (CVE). CVE is a dictionary of publicly known information security vulnerabilities and exposures.
• Excellent time management, written documentation, and oral presentation skills.

Minimum Requirements

Education:

Bachelor’s degree in Information Technology, Computer Science, or related field. Experience may be evaluated in lieu of educational requirements on a case-by-case basis.

Experience:  (3+ years' experience)

• Experience with mobile devices and mobile application security, including secure configuration and tools, techniques, and procedures for security testing.
• Experience assessing and testing network devices, including firewalls, routers, VPNs, and switches.
• Experience with programming and scripting in C++, Perl, Python, bash, Java and/or Assembly Language (x86).
• Experience with TCP/IP including but not limited to HTTP, HTTPS (SSL), DNS, SMTP, MSRPC, RDP and SSH.
• Experience with wireless network security, including secure configuration and tools, techniques and procedures for security testing.
• Experience with application security, including source code review.
• Experience with audit techniques to identify insecure configurations of Windows/Unix/Linux, web servers (Apache, IIS, etc.), databases (MySQL, MSSQL, Oracle, etc.) and web application scripts (PERL, Python, ASP, etc.).
• Experience with one or more social engineering test modes (physical, phishing or pre-texting).
• Will consider relevant security certifications such as CEH, GIAC, CISSP, GPEN, CEPT, LPT, CPT, OSCP, etc.

Travel:  None