Cyber Security Analyst level IV
KellyMitchell matches the best IT and business talent with premier organizations nationwide. Our clients, ranging from Fortune 500 corporations to rapidly growing high-tech companies, are exceptionally served by our 1500+ IT and business consultants. Our industry is growing rapidly, and now is a great time to launch your career with the KellyMitchell team.
Job Summary: Cyber Security Analyst
- Perform manual web application vulnerability assessments without the use of automated tools such as web application scanners
- Capture and analyze data from all seven layers of the OSI model, including ability to discern whether said data contains vulnerabilities
- Ability to create extremely high quality written reports containing the findings from web and thick-client vulnerability assessments, as well as the ability to articulate those findings to peer technical staff as well as various levels of management
- 3+ years experience penetration/vulnerability testing for web and thick-client applications in an enterprise environment
- Strong understanding of web technologies, e.g. HTTP, HTML, CSS, Forms, Database Connectivity, etc.
- Understanding of compliance and regulatory requirements such as PCI DSS, SOX, HIPAA, etc.
- Full grasp and ability to articulate and/or train others on the “OWASP Top 10” and related concepts
- 3+ years experience with programming and/or scripting in one or more of the following languages: .NET, Java, PHP, Ruby, Perl, Bash, or similar language
- 3+ years experience with SQL, including a strong understanding of SQL syntax and the ability to perform basic management of MS SQL databases
- Have a solid grasp of core security fundamentals and concepts, including knowing one’s system, defense in depth, the principle of least privilege, access control, encryption and cryptography, security architecture and design, business continuity and disaster recovery, etc.
- 3+ years experience with enterprise-level security control implementations, including Network Intrusion Detection/Prevention (NIDS/NIPS), Corporate Antivirus, Enterprise Web Filtering, Data Loss Prevention, Insider-threat Mitigation, Botnet Detection, etc.
- Demonstrable knowledge of the principles and techniques used to bypass said controls.
- Preferred certifications for GSEC, GWAPT, CISSP, GPEN, GXPEN, CISA, CISM, OSCP, OSCE