Attack Surface Engineer Position Available In Broward, Florida

Job Description:

Global Financial Firm located in Fort Lauderdale, FL / Irving,TX has an immediate contract opportunity for an experienced AttackSurface Engineer “This role is currently on a Hybrid Schedule. Youwill need to have reliable internet, computer and android or iphonefor remote access into the client systems during remote work. Wewill be expected in the office weekly 2-3 days depending on theteam requirement. Video/ f2f interviews are required prior to alloffers.

The Role:

This individual will participate in activities aspart of the organization s Attack Surface Reduction (ASR) programand Breach Attack Simulation (Client) program. The candidate mayalso participate in Red Team and Penetration Testing exercises. Tobe successful in this role, the ideal candidate will haveexperience with reconnaissance, attack surface mapping techniques,strong programming background and offensive security experience.

Responsibilities Assist with the development and implementation ofprogram management processes and tools related to attack surfacereduction Support Client s Red, Blue, and Purple Teams during theexecution of offensive security assessment operations Develop andimplement Red Team automation tools utilizing various programminglanguages Assist in developing and maintaining technicaldocumentation Monitor program progress and identify potential risksand issues, including the changes in the firm s attack surface orthe emergence of new threats Review and validate automated testingresults and prioritize actions that resolve issues based on overallrisk Analyze source code to mitigate identified weaknesses andvulnerabilities within the system Review and validate automatedtesting results and prioritize actions that resolve issues based onoverall risk Scan and analyze applications with automated tools,and perform manual testing if necessary Reduce risk by analyzingthe root cause of issues, their impact, and required correctiveactions Identify opportunities to automate and standardizeinformation security controls and for the supported group Establishmeaningful partnerships with relevant stakeholders across theenterprise is a key function of this role to build and maintain acomprehensive model of applicable, feasible threats, and risks tothe business Act as a subject matter expert and provide guidancewith stakeholders Identify and ensure compliance with relevantframeworks and guidelines (e.g., NIST) Demonstrate appropriateconsideration for the firm’s reputation and safeguardingClientgroup, its clients, and assets by driving compliance withapplicable laws, regulations, and Client Policy Qualifications 4years experience or equivalent knowledge and exposure are requiredwith most of the following: An understanding of attack surfacemanagement tools, including their capabilities and limitations Deepunderstanding of reconnaissance types and techniques Strongcommunication and interpersonal skills, including experience withtechnical and non-technical teams Excellent analytical andproblem-solving skills, with the ability to analyze complex datasets, and provide recommendations for mitigating risk Familiaritywith big data technologies, data analysis and visualization tools:

Tableau, Spark, Hive, Hadoop, etc.

Experience with programmanagement tools:

ServiceNow, JIRA, Confluence, etc. ConductingVulnerability Assessments and Penetration Testing (applicationand/or infrastructure) and articulating security issues totechnical and non-technical audience Identifying, researching,validating, and exploiting different, known, and unknown securityvulnerabilities on the server and client side Leveraging the MITRETelecommunication&CK Framework Red Team testing tools: CobaltStrike, Red Team Toolkit, etc.

Vulnerability Assessment tools:

Nessus, Qualys, etc.

Exploitation frameworks:

Metasploit, CANVAS,Core Impact Social Engineering campaigns: email phishing, phonecalls, SET Deep understanding of OSI model and

OWASP Securitydevices:

Firewalls, VPN, AAA systems

OS Security:

Unix/Linux,Windows, OSX Understanding of common protocols:

HTTP, LDAP, SMTP,DNS

Web application infrastructure: Application Servers, WebServers, Databases Web development and programming languages:

Python, Perl, Ruby, Java, .Net Education Bachelor sdegree/University degree or equivalent experience Master s degreepreferred Industry-accredited security certifications highlypreferred but not required (e.g. PNPT, OSCP, OSCE, GXPN, GPEN,GCIH, GWAPT, GCFA, or CISSP) This job description provides ahigh-level review of the types of work performed. Other job-relatedduties may be assigned as required.