Sr Penetration Testing Engineer

  • Direct Hire
  • N/A,

Gravity IT Resources

Apply Now

Job Title: Sr. Information Security Engineer

Location: Remote

Job-Type: Direct Hire

Employment Eligibility: Gravity cannot transfer nor sponsor a work visa for this position. Applicants must be eligible to work in the U.S. for any employer directly (we are not open to contract or “corp to corp” agreements).

 

Description:
Gravity is hiring a Senior Information Security Engineer who will alternate between managing all aspects of security monitoring, Security Information and Event Management capabilities and performing network penetration and application vulnerability testing. This role is expected to contribute thought leadership to advance the technical, security operations of the company, across multiple contributing teams. They should be familiar with and well versed in interpreting multiple threat intelligence sources to inform the technical risk management guidance and recommendations provided by the Information Security team. They are responsible for mentoring analysts to improve their team members’ understanding and proficiency in their roles as security analysts.

 

The Role:

  • Critically analyze security event data to identify anomalous activity requiring further investigation and/or incident response
  • Collaborate with the Information Security team and other technical teams to ensure that all information systems have adequate controls in place to detect and respond to intrusion and exfiltration attempts
  • Partner closely with the managed Security Operations Center vendor team to establish an effective cadence of threat monitoring, detection, and response
  • Partner closely with external providers of security testing services to clearly define testing scope and objectives as well as ensure all findings are fully understood and tracked to remediation
  • Coordinate and facilitate the identification, risk prioritization, and tracking/ticketing of security vulnerabilities through to completion of remediation activities by accountable teams
  • Validate and enhance monitoring and response capabilities using a variety of tools from NIST standards to Red Team vulnerability and penetration exercises
  • Provide leadership in all aspects of information security incident response from identifying resources that need to be protected to incident forensics
  • Tune information security data feeds to improve signal to noise ratio
  • Automate and enhance information security monitoring activities
  • Ensure that all regulatory security monitoring requirements are being met
  • Mentor less senior team members
  • Collaborate with Information Security team and risk constituents to ensure that all information systems conform to the company’s published security and privacy policies
  • Support audit and other evidence gathering activities

Skills & Requirements:

  • Bachelor’s degree preferred
  • 8 years experience in IT Security field
  • 4 years experience as an information systems analyst or similar
  • Ability to effectively translate policies into technical requirements and back again
  • Ability to effectively index large volumes of information for multiple constituencies
  • Expertise with vulnerability testing tools and protocols (e.g. OWASP-ZAP, nmap, Metasploit…)
  • Familiarity with vulnerability tracking organizations and standards (e.g. CERT)
  • EC-Council ECSA or similar certification preferred

Law.Jones

Apply Now