We are looking for a Cyber Security Consultant with APT and Penetration Testing experience for our client in New York City, NY / Cary, NC
Job Title: Cyber Security Consultant with APT and Penetration Testing
Job Location: New York City, NY / Cary, NC
Job Type: Contract (12 Months) / Contract to Hire / Direct Hire
- 8+ years of experience
- Has worked on Cyber Security Regulations (NY State Department of Financial Services)
- Management of the entire APT testing process from start to finish for assets in scope of NYSDFS500 (Critical_serious) including 3rd party vendor hosted. This is usually a 2-3 month process
- All communication to ITAOs, TISOs and BISOs regarding testing and requirements.
- Proper audit trail of the APT tracker testing workflow until completion and compliance of the asset (test request, scope of test, SOW, quotes, testing environment, accounts/access, reports, findings review, compliance).
- Walking/guiding ITAOs, TISOs and BISOs through the entire testing process.
- Provide all assistance required for the testing to take place, including training on the APT tracker.
- Allocation of penetration tests to the different client approved penetration test vendors if required.
- Approval of the scope and the estimated effort required for each penetration test.
- Review, monitoring and validation of the quality of penetration tests and reports from APT vendors.
- Review and monitoring the quality of penetration tests and reports from 3rd party hosted assets.
- Approval of third-party penetration test reports and uploading these test results and findings to the APT Tracking Tool.
- Management of the retest process with the APT vendor.
- Handling of all aspects of APT Reporting for NYSDFS500 program.
- In exceptional situations, the same services above covering additional regions: UK, Germany, APAC, India, and Latin America (if the application is used in the US).
Scope of Service Role:
- The ISS_VCR_APT services team performs an important function in the protection department within the Bank's CISO organization.
- The objective of application penetration testing is to detect design and implementation weaknesses in applications that could be used by an attacker to gain unauthorized access to information, to damage the reputation of Deutsche Bank Group or to impair normal business operation.
- Periodic penetration tests are a regulatory required part of precautionary measures to safeguard the Group's information assets and achieve information security at all times.
- Resources should be of the category Security Consultants / Middle experience and be located physically in the North America region, although remote access is acceptable. Resources performing this role should work with minimum supervision from senior management. Lateral thinker, team player, innovative and creative, with the ability to work under pressure. The job requires the following tasks and skill sets.
- Operating vulnerability assessment tools, including network scanner and host-based network scanners. This includes liaison and management of 3rd party vendors who provide independent vulnerability results
- Plan, lead and support stakeholders in remediation of vulnerabilities
- Act as an escalation point of contact for team members, vendors and stakeholders
- Be able to review scope for penetration testing and risk ratings for vulnerabilities
- Be able to deliver projects under rigid schedule
- Be able to track and close security topics such as open high risk findings or assessments
- Provide technical advice to Senior Management on security topics
- Work on RFI/RFP topics, be able to converse with Global sourcing and legal team for contracts, Master Service Agreements and Non Disclosure Agreements
- Develop presentations to Senior Management on new initiatives or budget approvals
- A strong understanding of security vulnerability concepts and exploitation methods, especially in the infrastructure and OS space such as Windows and UNIX
- A good understanding of web technologies and web security hardening techniques, including IIS/Tomcat and Apache
- Written and verbal fluency in English is important as training will be required over the phone.
- Excellent analytical skills, with the ability to break down complex problems into actionable steps.
- Ability to communicate IT security issues to other business areas in technical and non-technical language
- Knowledge of the ITIL framework would be an advantage
- Tools used: Nmap, Nessus, shell scripting, automation in reporting, exploitation, etc.
- Previous experience in project management preferred, especially tracking remediation