Cyber Vulnerability Analyst and Penetration Tester II

Full Time
San Antonio, TX
Areas of Interest: Vulnerability Assessment and Management
report a problem
Overview


Redefining the Way the World Consumes Cloud Computing
Join a community that is building the foundation for tomorrow today.

PRIMARY RESPONSIBILITY: 
Responsible for conducting vulnerability assessment scans, leading penetration testing efforts, exposing security vulnerabilities and risks, and recommending solutions to mitigate such vulnerabilities. Contributes to building and delivering services, solutions and processes that enable security defects to found, fixed or avoided before applications are released to production. Tracks public and privately released vulnerabilities and acts as a leader or subject matter expert in the corporate triage process including: identification, criticality evaluation, remediation planning, communications, and resolution. Conducts vulnerability assessment scans, exposing security vulnerabilities and risks and recommending solutions to mitigate such vulnerabilities.

KNOWLEDGE/SKILLS/ABILITY:

  • Significant practiced experience executing and leading vulnerability assessment and penetration testing engagements. Significant, demonstrated knowledge regarding security vulnerabilities, application analysis, and protocol analysis; with a specialization in at least two subject areas.

  • Strong attention to detail.

  • Strong verbal and written communication skills.

  • Strong analytical and problem solving skills.

  • Experience devising methods to automate testing activities and streamline testing processes.

  • Significant experience with Linux and Windows operating systems.

  • Practiced experience with common programming or scripting languages.

  • Exploit development experience a plus.

  • Ability to interpret and prioritize vulnerability scan results into remediation actions, track those actions through to completion, and transfer knowledge to others.

  • Strong analytical and problem solving skills.

  • Demonstrated ability to prepare documentation and presentations for technical and non-technical audiences.

  • Knowledge of methods for on-going evaluation of the effectiveness and applicability of information security controls (e.g., vulnerability testing, and assessment tools).

  • Ability to understand and articulate information security risks associated with vulnerability and penetration testing.

  • Knowledge of patching programs ofmajor hardware/software manufacturers.

  • Knowledge of secure configuration and hardening of systems.

  • Ability to analyze vulnerabilities in order to appropriately characterize threats and provide remediation advice.

  • Significant experience with classes of vulnerabilities, appropriate remediation, and industry standard classification schemes (CVE, CVSS, CPE).

 

Qualifications

JOB COMPLEXITY:

  • Executes and leads mobile black box testing, source code analysis, manual pentesting, vulnerability assessment and training.

  • Reports out on vulnerability and penetration testing and works with business units to develop remediation plans.

  • Works closely with the Risk Management, ISOC and Intel teams.

  • Keeps up with the changing nature of security threats.

  • Assesses the risk from not only a tactical perspective but also a strategic/global scale and apply these findings to aid in prioritizing remediation efforts.

  • Interacts with business units to discover, triage and resolve security vulnerabilities with manual and automated tools to enforce security criteria as part of a Secure Development Life Cycle on a continuous basis.

  • Researches and investigates new and emerging vulnerabilities and participate in external security communities.

EXPERIENCE/EDUCATION:

  • Bachelor’s degree in Computer Science or related field required.

  • At the manager’s discretion, additional relevant experience may substitute for the degree requirement.

  • Typically requires 6 years Security Analyst experience with 5+ years experience performing vulnerability assessments and penetration testing.

  • Experience applying ethical hacker techniques, phishing schemes, emerging logical security threats, and compromised server techniques.

  • Current CEH, GPEN, CISSP, and GCIA certifications preferred.

Req # 34413

Location(s) US-TX-San Antonio

Category Cyber Security

Stay in Touch!

Don’t see anything that fits your strengths or skills? 
Sign-up to be a part of our ‘Talent Community’ and receive information about jobs you’re interested in when they become available.
 
Equal Employment Opportunity Policy: Rackspace is committed to offering equal employment opportunity without regard to age, color, disability, gender, gender identity, genetic information, marital status, military status, national origin, race, religion, sexual orientation, veteran status, or any other legally protected characteristic. 

The above information has been designed to indicate the general nature and level of work performed by employees in this classification. It is not designed to contain or to be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of the employee assigned to this job.



Share this job:

Rackspace

The #1 managed cloud company
Rackspace, the #1 managed cloud company, helps businesses tap the power of cloud computing without the challenge and expense of managing complex IT infrastructure and application platforms on their own. Rackspace engineers deliver specialized expertise on top of leading technologies developed by OpenStack, Microsoft, VMware and others, through a results-obsessed service known as Fanatical Support®. We have more than 300,000 customers worldwide, including two-thirds of the FORTUNE 100. Rackspace was named a leader in the 2015 Gartner Magic Quadrant for Cloud-Enabled Managed Hosting, and has been honored as one of Fortune’s Best Companies to Work For in six of the past eight years.
 
Specialties
Hybrid Hosting, Cloud Hosting, E-Mail Hosting, Dedicated Managed Hosting, IT Services, Platform Hosting, VPN's, Network Security, SharePoint, and various other IT services, Managed Cloud
Visit Rackspace's Social Media pages:
Company Industry: Information Technology and Services
Company Type: Public Company
Company Size: 5,001-10,000