Sr. Cybersecurity Penetration Test & Threat Hunting (Ethical Hacker)

USA

Applications have closed

BLOCKCHAINS

At Blockchains, we envision a world transformed by blockchain technology, innovating with unlimited velocity; so, our efforts do not stop at software.

View company page

OUR VISION

Blockchains is committed to protecting and empowering individuals through the development of applications, services, and ecosystems designed to change the way people interact with technology, infrastructure, and each other. Software solutions in development by Blockchains focus on preparing the world for the next phase of the internet’s evolution – Web 3.0 – with an emphasis on digital identity, digital asset custody, IoT, and a stable means of digital payment.

Blockchains is dedicated to innovation, and its efforts do not stop at software. Blockchains envisions a world transformed by blockchain technology, in which digital- and real-world interactions are interwoven. Blockchains plans to build out a real-life sandbox in northern Nevada, where it, along with other like-minded companies and individuals, can come together to innovate and collaborate to create a better future for all.

WHAT YOU WILL DO

As a Sr. Cybersecurity Penetration Test & Threat Hunter, you will work with a talented group of IT, Cybersecurity, & GRC professionals.  You will be part of a global organization responsible for providing the complete attacker perspective, developing Cybersecurity Testing standards, vulnerability management, Threat Hunting, and executing various security tests and risk assessments on newly developed products, software, applications, networks, and systems across the Company.

Essential functions include, but are not limited to:

  • Providing security testing results and vulnerability assessment reports to key stakeholders, primarily to the VP IT/Cybersecurity and the Risk Advisory Council.
  • Developing Security testing and threat hunting technical standards and supporting programs and processes.
  • Conducting continuous analysis of security threat information (viruses, malicious code, potential backdoors, industry events, hackers, zero-day exploits, OEM weaknesses, IDS/IPS, and SIEM alerting) proactively assessing and investigating emerging threats and potential impact to Blockchains Inc. 
  • Assessing the applicability of threat and vulnerability feeds, rating the risk, and communicating to appropriate parties.
  • Recommending corrective actions to mitigate security threats and risks to Blockchains Inc. products.
  • Producing reports to demonstrate assessment coverage and remediation effectiveness and working with the Product engineers, IT, & Cybersecurity teams to ensure corrective actions are implemented.
  • Identifying internal and external threats could divulge vulnerabilities that would lead to the misappropriation of customer or company information.
  • Identifying and developing new tools, tactics, and procedures for changing threat scenarios.
  • Developing trend and research analysis techniques to identify new detection methods for new and evolving attack vectors.
  • Working directly with technical staff and leadership to promptly assess and implement mitigating controls to new attack vectors and a constantly changing threat landscape.
  • Identifying, evaluating, and communicating new and ongoing security threats to senior management.
  • Communicating and influencing technical (especially security) and business issues and/or solutions to multiple organizational levels internally and externally.

WHAT YOU WILL NEED TO SUCCEED

To ensure success, you must have a passion for all things Cybersecurity and be detailed-oriented.  You are a diligent worker who is equally technical and business-minded.  You are knowledgeable in taking a risk-based approach to prioritize efforts.  You can work with numerous cross-functional teams in a fast-paced, growing company.  Strong verbal and written communication skills.  Experience in blockchain technologies is preferred.  

Competencies & Qualifications

  • Expert knowledge with many different tools of the trade to include: Metasploit, Nmap, Nessus, burp suite, Accunetix, Qualys, Core Impact, IDAPro, Fiddler, Wireshark, Netcat, OWASP Zap, etc.
  • Knowledge and experience with Red, Blue, and Purple teams and activities.
  • Experience with diverse IT products, architectures, and enterprise IT data centers, large-scale transaction processing environments, external hosted services, and cloud computing environments. Extensive knowledge and experience with physical and virtual server configurations and implementations.
  • Experience working with perimeter technologies (e.g., router, firewalls, proxies, WAF’s, and intrusion detection) and vulnerability management tools (i.e., vulnerability scanners, file integrity monitoring, configuration monitoring).
  • Knowledge of configuration management, change control, risk assessments, exception management, and security baselines and frameworks (e.g., CIS Baselines & NIST CFS).
  • Knowledge of and experience with MITRE ATT&CK and the Penetration Testing Execution Standard (PTES).
  • Experience applying Common Weakness Enumeration (CWE), Common Vulnerability Scoring System (CVSS), Common Vulnerabilities and Exposures (CVS and Open Web Application Security Project (OWASP)) processes and remediation recommendations.
  • Strong technical skills and hands-on experience assessing threats to multiple operating system platforms, database, and application servers, custom, and off-the-shelf applications.
  • Experience with static code analysis and capabilities of tools such as GitHub, GitLab, Veracode, Coverity, IBM App Scan, and HP Fortify.
  • Expertise in advising on network segmentation, network ACLs, and protocols such as DNS, HTTP/S, TCP, UDP, TLS, etc.

YOUR EDUCATION AND EXPERIENCE

A minimum of eight years of relevant cybersecurity, penetration testing, IT (systems/network) work experience with a bachelor’s degree in computer science, computer engineering, cybersecurity, or a related field. A minimum of five years of hands-on Penetration testing or Ethical Hacking, vulnerability management, and threat hunting experience. Leadership and mentoring skills will be necessary to provide support and constructive performance feedback: significant IT & Cybersecurity domain knowledge and experience managing IT & Cybersecurity projects.  Experience with DevSecOps is highly desired. You must be a self-starter and team player with the ability to work independently with limited supervision. Experience with HIPAA, PCI, ISO, NIST, and other compliance standards and frameworks is desired. Experience with banking regulations and their implementation and controls to remediate findings related to these regulations. Excellent writing and verbal communication skills, interpersonal and presentation skills, and the proven ability to influence and communicate effectively. You must be flexible and manage multiple tasks and priorities on very tight deadlines. Demonstrated understanding of corporate protocol, maintained a high level of discretion and confidentiality. This position also requires you to have a deep understanding of practices relating to IT standards such as NIST CSF, SP 800-53 R5 AND 800-37 R2, ISO/IEC 27001, ISO 22237, SOC2/SOC3, and CCSS (Cryptocurrency Security Standard).

 

Blockchains, Inc. (“Blockchains”) is proud to be a diverse workforce, and we are committed to inclusion and diversity to ensure equal opportunity for all applicants. Blockchains provides equal employment opportunities to all employees and applicants regardless of race, color, religion, sex, sexual orientation, gender identity and/or expression, national origin, age, marital status, physical or mental disability, veteran status, or any other characteristic protected by federal, state, or local laws.

When you apply to a job on this site, the personal data contained in your application will be collected by Blockchains, Inc. (“Controller”), which is located at 610 Waltham Way, Sparks, NV 89437 and can be contacted by emailing privacy@blockchains.com. Controller’s data protection officer is Edward O'Connor, who can be contacted at privacy@blockchains.com. Your personal data will be processed for the purposes of managing Controller’s recruitment related activities, which include setting up and conducting interviews and tests for applicants, evaluating and assessing the results thereto, and as is otherwise needed in the recruitment and hiring processes. Such processing is legally permissible under Art. 6(1)(f) of Regulation (EU) 2016/679 (General Data Protection Regulation) as necessary for the purposes of the legitimate interests pursued by the Controller, which are the solicitation, evaluation, and selection of applicants for employment.
Your personal data will be shared with Greenhouse Software, Inc., a cloud services provider located in the United States of America and engaged by Controller to help manage its recruitment and hiring process on Controller’s behalf. Accordingly, if you are located outside of the United States, your personal data will be transferred to the United States once you submit it through this site. Because the European Union Commission has determined that United States data privacy laws do not ensure an adequate level of protection for personal data collected from EU data subjects, the transfer will be subject to appropriate additional safeguards under [either the standard contractual clauses or the Privacy Shield]. You can obtain a copy of the standard contractual clauses by contacting us at privacy@blockchains.com. 
Your personal data will be retained by Controller as long as Controller determines it is necessary to evaluate your application for employment.  Under the GDPR, you have the right to request access to your personal data, to request that your personal data be rectified or erased, and to request that processing of your personal data be restricted. You also have to right to data portability. In addition, you may lodge a complaint with an EU supervisory authority.

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Tags: Application security Banking Blockchain Burp Suite Cloud Code analysis Compliance Computer Science Core Impact CVSS DevSecOps DNS Ethical hacking Exploits Firewalls GDPR GitHub HIPAA IDS Intrusion detection IPS Metasploit MITRE ATT&CK Monitoring Nessus NIST Nmap OWASP Pentesting Privacy Qualys SIEM SOC 2 SOC 3 TLS Veracode Vulnerabilities Vulnerability management

Perks/benefits: Flex hours Team events

Region: North America
Country: United States
Job stats:  11  2  0

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.