Conduct application and network attack & penetration audits, and other assurance and compliance audits. Coordinate programs to be executed with internal and external groups and ensure successful delivery of penetration tests and audits, in line with agreed methods and guidelines. Also responsible for evaluating and advising leadership on readiness to commence external audits, and for coordinating audit-related activities such as document requests, evidence collection, and liaising with the external auditors and internal departments involved in the audits.
- Execute application and network penetration testing that will vary in level of complexity from simple to moderately complex.
- Develop detailed work plans, schedules, and resource plans for recurring penetration testing.
- Summarize findings and recommend corrective measures to seek resolution.
- Advise leadership of the technical and business risks of identified vulnerabilities.
- Liaise with external third-party penetration testers as required.
- Establish and report on metrics to gauge penetration testing effectiveness, progress and key risk areas identified through internal and external audits.
- Interface directly with management teams for coordination of evidence collection necessary for audit execution.
- Identify risks and escalate potential project issues to management as required.
- Implement changes to procedures and systems to enhance data systems security.
- Recommend process improvement strategies.
- Monitor remediation activities.
- Provide technical expertise and support to management and associate ethical hacker during penetration testing in the implementation of appropriate data security procedures and products.
- Identify and determine causes of security violations and recommend corrective actions to ensure data security.
- May perform other duties as assigned.
- One or more of the following certifications preferred:
GIAC Web Application Penetration Tester (GWAPT), GIAC Penetration Tester (GPEN), Certified Ethical Hacker (CEH), Certified Information Security Manager (CISM), OSCP, Certified Information System Auditor (CISA), and/or Certified Internal Auditor (CIA) or other professional certifications in a related area.
We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.
Cyber Defense Labs, LLC
Cyber Defense Labs specializes in helping clients reduce business risk BEFORE, DURING and AFTER a cyber incident. The Company provides end-to-end cybersecurity services.
Company Website: www.cyberdefenselabs.com