Vulnerability Senior Security Consultant
Location: United States
CyberProof is a cyber security services and platform company whose mission is to help our customers react faster and smarter – and stay ahead of security threats, by creating secure digital ecosystems. CyberProof automates processes to detect and prioritize threats early and respond rapidly and decisively.
CyberProof is part of the UST Global family. Some of the world’s largest enterprises trust us to create and maintain secure digital ecosystems using our comprehensive cyber security platform and mitigation services.
CyberProof is seeking a Senior Security Consultant:
What you would do:
- Review past penetration testing, vulnerability assessment and scan reports to understand the application portfolio, including the most serious vulnerabilities. Review vulnerability trending within the AD organization’s portfolio.
- Review historical InfoSec incidents (across customer and managed service partners) and implement processes to proactively remediate.
- Analyse findings across applications and software and create a list of requirements for knowledge articles.
- Perform SAST/DAST scans and reporting.
- Conduct interviews and discussions with application stakeholders to review the status of penetration testing findings and the processes followed to remediate them.
- Perform gap analysis of current vulnerability remediation policies and processes versus industry best practices for a health care organization to identify opportunities for improvement.
- Conduct a feasibility study of meeting the existing SLAs on a continuous basis; identify gaps and opportunities for improvement.
- Review, discuss and collaborate with application developers and AD stakeholders to obtain buy-in on security controls to be implemented. Discuss concerns, issues, and gaps.
- Act as a Subject Matter Expert (‘SME’) to conduct continuous training workshops and awareness sessions on vulnerability trends and violations that includes periodic brown-bag sessions, quizzes, awareness sessions and other forms of developer engagement.
- Perform continuous audits, including of current controls against NIST, HITRUST and SOC2 auditing controls, and implement those controls (e.g., CyberArk, Security Monitoring).
- Liaise with auditors during discussions on technical controls; address, clarify and/or lead discussions, and provide input, feedback, advice, and guidance as required.
- Review software patching process for deployed applications and deprecation of older versions.
- Establish a tracker for the effectiveness of remediation operations through metrics reporting.
Must have Skills:
- Minimum of 10-15+ years of experience in Information Security.
- Thorough understanding of SDLC, SAST, DAST, application security vulnerability remediation and application penetration testing
- Hands-on implementation, configuration, auditing and engineering skills on CyberArk
- Should have performed the role of an Application Security and Identity Management Architect before
- Must have report-building skills in Excel and Tableau
- Must have experience in managing vulnerability remediation processes, programs, and adherence to SLAs
- Worked on tools like SonarQube, Contrast, WhiteSource
- Must have experience in HITRUST, NIST and SOC2 controls assessments, gaps and remediation
- Must have SharePoint skills
- Strong communication and negotiation skills
- Experience in client-facing roles, having dealt with and driven InfoSec teams as a Single Point of Contact in consultative and advisory activities
- Ability to communicate, interpret and play back InfoSec requirements to a non-technical security team (i.e., non-functional requirements)
- Strong communicator and fluent in English.