Rose International INC Technical Consultant in Indianapolis, Indiana
Position Title: Technical Consultant
Position Number: 297923
Location: Indianapolis, IN
Desired Skill Set:
CISSP, Data Analysis, ITIL, Risk Analysis, Risk Management, Security, Vulnerability, Web
C2C and STEM-OPT are not available
Only U.S. Citizens and those authorized to work in the U.S. can be considered as W2 candidates.
Title: Vulnerability Management
Duration: 3-6 months with possible extensions
Location: Indianapolis, IN
Our client has an opportunity for a vulnerability management resource specific to web application security. High-level requirements are Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Security Configuration Assessment (SCA).
• Establish relationships with internal and external customers and partner with them to monitor and maintain security controls across corporate and business applications.
• Interact with customers or other stakeholders to aid in the resolution of vulnerabilities that have been identified.
• Assist in defining and continually improving Vulnerability Risk Management requirements for global IT support organizations.
• Develop processes and/or improve current processes related to Vulnerability Risk Management. This would include working with various Application Teams to ensure their portfolio includes Vulnerability Risk Management deliverables.
• Partner with our team to conduct vulnerability assessment and monitoring services for applications that are in scope of the services, including leading continuous improvement efforts over time in response to customer feedback and internal reviews.
• Partner with business units to identify and implement Vulnerability Risk Management operational needs and assist with remediation coordination efforts.
• Resolve technical issues escalated from the SOC as they relate to various components of the Vulnerability Risk Management services.
• Technical subject matter expert for the Vulnerability Risk Management tools used to perform scans on global applications.
• Triage newly identified critical vulnerabilities and zero-day vulnerabilities, assess threat and impact information, and manage escalation processes for remediation based on risk.
• Continuously improve the processes and procedures to include reporting exceptions for further review including escalation to the appropriate risk owners.
• Coordinate with the Threat Intelligence Team and SOC to drive key vulnerability initiatives.
• Interact with stakeholders to develop and fine-tune the process of how metrics are calculated and communicated.
• Provide written and oral communications as appropriate to the Information Security Manager related to Vulnerability Risk Management quantitative metrics, reporting, and analysis.
• Follow departmental change management process to ensure appropriate implementation of metrics and reporting capabilities.
• Lead services to integrate Static and Dynamic Application Security Testing into the SDLC to ensure new applications or applications undergoing a major change are assessed for vulnerabilities prior to production implementation.
• Integrate internal business intelligence of high value assets into Vulnerability Risk Management tools.
Required Skills & Experience:
• Comprehensive knowledge of Application Vulnerability Management identification, analysis, metrics and reporting tools as well as processes enabling proper governance, risk and compliance.
• Working knowledge of ITIL and experience working with IT services.
• Strong written and oral communication skills.
• 5+ years of advanced experience with:
o Data analysis and problem resolution. Must be able to integrate and correlate large amounts of data to identify complex patterns and trends.
o Applying good risk-based judgment to complex problems.
o Evaluation of threats and risk to business operations resulting in security solutions that appropriately balance cost and risk mitigation.
o Web Applications (.Net, Java, Cold Fusion, PHP, Node.js, Ruby on Rails)
• Experience in assessing the risk of a proposed solution, escalating appropriately and driving to closure.
• Ability to think analytically and to understand and communicate quantitative information.
Some or all of the following certifications are preferred but not mandatory:
• Certified Information System Security Professional (CISSP)
• Certified in Risk and Information Systems Control (CRISC)
• Certified Ethical Hacker (CEH)
• GIAC Certifications:
o Certified Security Essentials (GSEC)
o Certified Enterprise Defender (GCED)
o Certified Penetration Tester (GPEN)
o Certified Web Application Penetration Tester (GWAPT)
o Certified Exploit Researcher & Advanced Penetration Tester (GXPN)
o Certified Incident Handler (GCIH)
Rose International is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, sexual orientation, gender (expression or identity), national origin, arrest and conviction records, disability, veteran status or any other characteristic protected by law. Positions located in San Francisco and Los Angeles, California will be administered in accordance with their respective Fair Chance Ordinances.
Rose International has an official agreement (ID #132522), effective June 30, 2008, with the U.S. Department of Homeland Security, U.S. Citizenship and Immigration Services, Employment Verification Program (E-Verify).
(Posting required by OCGA 13/10-91.)