Senior Consultant
United States
Coalfire
Coalfire is the cybersecurity advisor that combines extensive cloud expertise, technology, and innovative approaches to help clients develop scalable…Duties
- Assess the security and compliance of client firms against industry best practices and various regulatory standards, including Payment Card Industry Data Security Standard (PCI DSS), HIPAA, HITRUST, and SOC. Conduct gap analysis and information security compliance assessments related to multiple information security frameworks such as PCI DSS, OWASP, and NIST Cybersecurity Frameworks to manage cybersecurity-related risk; prepare professional technical reports that include detailed assessment observations and evaluations of the Information Technology (IT) environments, including servers, virtual machines, DMZ design, TCP/IP protocols, NTP settings, etc.
- Evaluate network security technologies such as firewalls, routers, switches, load balancers to ensure encrypted data transmissions for compliance with industry best-practice configuration standards such as CIS or NIST. Analyze security configuration script output results from network devices (firewalls, routers) and server operating systems (Windows, Linux, Unix) and provide recommendations to fix misconfigurations and policy violations identified with industry security standards.
- Analyze penetration testing and vulnerability scan reports from security control assessments to ensure that all vulnerabilities labeled with High/Medium CVSS severity are remediated. Evaluate security hardening standards for system components and operating system types conformance with industry-accepted system hardening standards, such as NIST and CIS benchmarks, and address known security vulnerabilities.
- Evaluate the security configuration of computing platforms (e.g. cloud computing services on Amazon Web Services, Google Cloud, Microsoft Azure) and virtualization technologies to include VMware and Hyper-V. Examine and analyze network and data flow diagrams, information security policies/processes, vulnerability management processes, and risk assessments for information security compliance.
- Analyze incident response plans and procedures to be implemented in the event of system security breaches. Research the latest information technology (IT) security trends, such as encryption algorithms, anti-malware mechanisms, and system firewalls for protection of sensitive data.
- Provide mentorship to team members with information security best practices, builds security awareness posture to ensure high quality products to our customers.
- Establish and maintain positive collaboration with business customers and provide security enhancements upon issues pertaining to the information security of organization.
Requirements
- Master of Science in Computer Science, Software Engineering, or closely related field.
- Education and/or experience must include theoretical and/or knowledge of: Information security & compliance frameworks; Technical security & systems and/or network administration, including Operating System(s) security configuration, Switches, Routers, Wireless (Wi-Fi), Firewalls, IDS/IPS, Mobile Devices; information & systems security principles & concepts including Threat & Vulnerability Assessment, Penetration Testing, Security Frameworks, Cryptographic protocols & Data Encryption; network infrastructure & network and dataflow diagrams; configuration management technologies deployments; Cloud security including cloud-based infrastructure & virtualization technologies; Software Development Life Cycle & secure coding guidelines; data base management system software; data encryption algorithms & protocols; Identity & Access Management (IAM) methodologies, access management & authentication mechanisms; network packet capture analysis & networking monitoring tools.
- Position also requires at least two industry certification such as QSA, CISM, CISA, (ISC), or CISSP. Position is eligible to telecommute 100% of work schedule.
- Travel requirement of up to 20% of work schedule.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Azure CISA CISM CISSP Cloud Compliance Computer Science CVSS Encryption Firewalls GCP HIPAA HITRUST Hyper-V IAM IDS Incident response IPS Linux Malware Monitoring Network security NIST OWASP PCI DSS Pentesting Risk assessment SDLC SOC TCP/IP UNIX VMware Vulnerabilities Vulnerability management Windows
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Officer jobs
- Open Information Security Specialist jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Manager Pentest H/F jobs
- Open Cyber Security Specialist jobs
- Open Cybersecurity Analyst jobs
- Open Product Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Chief Information Security Officer jobs
- Open Senior Information Security Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Security Specialist jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Penetration Tester jobs
- Open IT Security Analyst jobs
- Open Senior Information Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open IT Security Engineer jobs
- Open Security Researcher jobs
- Open Sr. Security Engineer jobs
- Open Security Operations Analyst jobs
- Open Cybersecurity Specialist jobs
- Open Windows-related jobs
- Open CISM-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open ISO 27001-related jobs
- Open Agile-related jobs
- Open Application security-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open IAM-related jobs
- Open Analytics-related jobs
- Open CISA-related jobs
- Open Threat intelligence-related jobs
- Open SaaS-related jobs
- Open APIs-related jobs
- Open Security assessment-related jobs
- Open Malware-related jobs
- Open Java-related jobs
- Open Forensics-related jobs
- Open DevOps-related jobs
- Open Security Clearance-related jobs
- Open IDS-related jobs
- Open CEH-related jobs
- Open Kubernetes-related jobs
- Open EDR-related jobs