Vulnerability Management Senior

This year we were rated top 100 firms to work for by Inside Public Accounting and Accounting Today. We are always looking for new team members who bring a fresh perspective, technical expertise, and a passion for solving problems. At Citrin Cooperman, we offer you the flexibility to take your career to the next level and still allow you to focus on what matters to you!

We are looking for a Vulnerability Management / Incident Response Senior to join our Technology, Risk Advisory, and Cybersecurity (TRAC) practice, preferably from the Northeast and able to commute to our Providence office. As a TRAC Senior, you will be responsible for providing excellent client service. Our firm provides excellent compensation, benefits, wellness initiatives, and a strong career path for high performing professionals.

Responsibilities:

• Perform penetration testing against many distinct types of applications and networks.
• Identify and exploit vulnerabilities in applications and networks.
• Document technical issues identified during security assessments utilizing standard CWE and CVSS classifications.
• Research emerging security topics and new attack vectors.
• Work independently to meet customer and project deadlines.
• Interact with customers in a collaborative consultative manner to deliver results, provide feedback, and make remediation recommendations on penetration testing findings.
• Prepare reports on results of penetration tests and vulnerability assessments performed for delivery to technical and non-technical clients.

Required Skills/Experience:

• A year or more successfully working in a “work from home” / remote capacity.
• 5 or more years of penetration testing with 3 or more years of specific application and network / red team penetration testing experience in a consulting environment.
• Current holder of Certified Ethical Hacker certification
• Understanding of web architecture and protocols (HTTP(S), TCP/IP, ARP, SMTP, DNS, etc.).
• Understanding of how data flows through an application and/or network and connected components (SMTP, LDAP, Database servers).
• Understanding of common software security issues and remediation techniques (OWASP top 10, SANS top 25, etc.).
• Ability to review a client’s environment for security and configuration weaknesses, generate a list of recommendations, and advise the client on implementing the recommendations.
• Familiarity with:
  • Common Windows/Linux commands and scripting.
  • Typical application and network security concepts.
  • OWASP Top 10 and CWE/SANS Top 25 classification systems.
  • Profiling an application or network, identifying threats, and developing test cases to target identified threats.
  • Developing proof-of-concept exploit examples to use within reports or live demonstrations.
  • Documenting and communicating results that may be consumed by both developers and management-level audiences.
  • using the tools listed below (open to others not listed):
    • Intercepting Proxies (e.g., Burp Suite, Charles, OWASP ZAP proxy, etc.).
    • Exploit frameworks (Metasploit, Immunity CANVAS, CORE Impact).
    • Vulnerability scanners (Nessus).
    • OSINT discovery (Shodan, Maltego)

Desirable Skills/Experience:

• Degree from an accredited College or University in Computer Science, Information Systems, Engineering or a related major.
• Current holder of penetration testing certifications such as OSCP, OSWP, GWAPT, GXPN, GPEN. CREST or Tiger SST certification a plus.
• 2+ years of professional web-application development, testing, or source code review experience.
• Familiar with writing tools to aid in penetration testing.
• Experience conducting targeted phishing and related social engineering tests.
• Experience developing custom scripts or tools used for vulnerability scanning and identification.
• Incident response experience is a plus.
• Unix, Windows, or networking security experience

About Citrin Cooperman