About Specialized Security Services, Inc.
For over two decades, our expert team has successfully assisted organizations with the implementation and oversight of their information security, privacy, and regulatory compliance programs. Our reputation is our own, built upon our steadfast commitment over the years to do the right thing and go above and beyond for our clients. We pride ourselves on our ability to think outside the box, stay nimble and succeed as a team. Additionally, education is important to Specialized Security Services, Inc. We encourage all team members to grow their knowledge base through continuing education, and as such offer reimbursement for industry-related certifications.
Position Summary
Reporting directly to the Vice President, Cybersecurity Services, the Senior Security Engineer assists clients with their information security programs and project initiatives by undertaking risk assessments, advising on the implementation of security measures, recommending appropriate risk mitigations, performing vulnerability assessments, security assessments, web application assessments, reverse engineering, social engineering, and standards in the context of projects and business scenarios to help the business operate securely. This role has a significant component in defining security requirements and ensuring that all projects meet these requirements, or that exceptions and issues are noted and remediated as appropriate. Successful candidates must excel at providing comprehensive network security recommendations, systems analysis, and full lifecycle project management. This position requires the ability to travel between 50-75%.
Responsibilities
• Perform vulnerability scan assessments, web application security assessments, and other security assessments including but not limited to network discoveries, firewall assessments, data discovery assessments, and email PAN assessments for Clients.
• Define the scope of work to be performed prior to assessment.
• Effectively communicate with Clients onsite and offsite to maintain an ongoing long-term perspective of being their “Security Partner.”
• Conduct penetration tests to simulate potential attacks on the payment card data environment (CDE) and secure data environment, and identify vulnerabilities that could be exploited.
• Conduct onsite pre-scan meetings to establish expectations, identify the key players in the assessment process, and to provide guidance to the clients as to the scope of work to be performed.
• Perform internal and external scans by IP address and FQDN provided by the Client.
• Generate informative reports based on the results of the network testing. All scan reports will include the AOSC, details, executive summary, workbook, and RAW results according to PCI requirements.
• Identify true vulnerabilities versus false vulnerabilities.
• Assist in the remediation of identified vulnerabilities and weaknesses by providing guidance and support to clients.
• Conduct penetration testing assessments of client secure data environments against various industry frameworks and regulations.
• Know each Client’s environment well enough to identify inconsistencies and identify potential vulnerabilities.
• Maintain a professional, courteous, and civil relationship with all external and internal customers.
• Maintain communication with Clients after scans to keep an open line of communication.
• Must be available to work as needed, including off hours.
• Perform other duties/functions as assigned.
Qualifications & Experience
• Strong knowledge of security vulnerabilities, threat landscape, industry best practices, including PCI DSS and other industry requirements and standards.
• Proficiency in vulnerability scanning tools and security assessment methodologies.
• Strong analytical and problem-solving skills.
• Excellent communication, delegation, and teamwork abilities.
Education & Certifications
• A university degree in Computer Science, Engineering, or a field which relates to the role.
• Security certification such as CISSP, CISA, CISM, SANS GIAC, CEH.
• Five (5)+ years of Information Security experience in Security Governance, Risk and Compliance practices and methodologies.
• Experience with performing cyber security assessments and familiarity with industry cyber security tools or experience auditing systems.
• Experience with security hardening techniques and policy development, particularly with regard to secure software development methodologies and processes.
• Previous experience in compliance programs including pre-assessment or assessment and gap remediation programs.
Physical Demands and Work Environment
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of the job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
• Prolonged periods of sitting at a desk and working on a computer.
• Is routinely required to sit, walk, talk, and hear; use hands on keyboard, finger, handle, and feel.
• May occasionally be required to stoop, kneel, crouch, twist, crawl, reach, and stretch.
• Must be able to lift approximately 15 pounds, on occasion.
• Ability to complete client engagements, onsite, if required.
• May require travel dependent on company needs.
• Can work under deadlines.