About the Opportunity:
Epsilon is looking for a Network Vulnerability and Application Security specialist to join our security team. At Epsilon, we work in a fast-paced, collaborative environment where we offer the opportunity to work for a pioneering company in securing big data.
The Network Vulnerability and Application Security specialist is a hands-on role that requires a high degree of technical expertise. The person is responsible for a broad range of tasks, including the day-to-day administration of vulnerability scanning and application security assessment tools. The qualified candidate will be responsible for assessing identified vulnerabilities, and for prioritizing and driving remediation of vulnerabilities relating to systems, applications, and infrastructure devices.
The candidate will be responsible for leading program maturity efforts and initiatives in Vulnerability Management and Application Security functions within the Infosec Operations department. This includes, but is not limited to: driving improvements with vulnerability scanning automation; validation of vulnerability findings; asset/network discovery; regulatory scanning requirements; driving next generation security operations approaches/tools and producing automated dashboards to measure the effectiveness of the program.
The individual in this position interacts closely with personnel from various IT departments — including the application development, operations and network, and client development — and with business departments.
We are looking for individuals who have experience performing daily, hands-on network and software security assessment and remediation activities and who can support the security team as part of the vulnerability management and application security program. The position includes performing network scans and software security activities within the defined application security program, including: network and application vulnerability testing and analysis, code review, use of common tools, written and verbal articulation of remediation recommendations, and follow-up.
Duties & Responsibilities:
• Maintain tools like Rapid7 Nexpose and Veracode used for conducting vulnerability scanning and application security testing
• Perform asset and network discovery activities, helping to ensure full coverage of the Epsilon environment
• Perform network and application security scans using the latest scanner tools and methodology
• Perform system and application vulnerability testing
• Establish a strategy and framework for performing validation of scanning results
• Review, assess, and mitigate penetration tests and vulnerability assessments on information systems and infrastructure
• Prioritize remediation activities with operational teams through risk ratings of vulnerabilities and assets
• Recommend, schedule and/or apply fixes, security patches and any other measures required in the event of a security breach
• Collate security incident and event data to produce monthly exception and management reports
• Implement or coordinate remediation required by audits, and document exceptions as necessary.
• Develop program quality metrics as both program performance indicators and enterprise risk indicators
• Leverage firm inventory and patch management systems to provide reporting and governance for vulnerability impact and remediation progress
• Integrate findings across infrastructure, web application, and static code security testing to provide a holistic security posture for assets
• Monitor security vulnerability information from vendors and third parties
• Help to develop the firm’s next generation vulnerability management program including formalized assessment criteria, integration with asset inventory, enterprise vulnerability scanning, and remediation tracking and governance.
• Manage the firm’s penetration testing program by leveraging both in house staff and vendor expertise to identify weaknesses in technology, people or process.
• Bachelor’s Degree in Computer Science, Engineering, or other Engineering or Technical discipline or equivalent relevant experience. Master’s Degree preferred.
• At least 2 years of experience as a Vulnerability Assessment Engineer, Application Security Specialist, Cybersecurity Systems Engineer, or equivalent.
• Ability to perform vulnerability assessments and penetration testing using manual testing techniques, scripts, commercial and open source tools
• Ability to demonstrate knowledge of prioritizing remediation activities with operational teams through risk ratings of vulnerabilities and assets
• Experience in deploying and operating vulnerability scanning infrastructure and services
• Previous hands-on experience in application or network penetration testing
• Strong knowledge of industry standards regarding vulnerability management including Common Vulnerabilities and Exposures (CVE), Common Vulnerability Scoring System (CVSS) and Open Web Application Security Project (OWASP)
• Working experience with and knowledge of Unix/Linux operating systems.
• Ability to read, write and modify scripts for automation of vulnerability management tasks
• Knowledge of security auditing techniques
• Excellent verbal and written communication
• Strong analytical skills
• Strong team player with ability to take charge of their area of expertise
• Comfortable working outside their comfort zone with a willingness to learn
• Penetration Testing: SET Toolkit, War Dialing, VOIP testing, SQL Injection, Web Application Testing
• Vulnerability Assessment: Nexpose, Metasploit, Nessus, Qualys, Kismet, etc
• Web Application Testing: Veracode, AppScan, Hailstorm, Nikto, Grendel, Burp Suite, etc
• Database Testing: Scuba, SQLninja, AppDetectivePro, Havij, Mysqloit, SQLmap, etc
• Network Assessment: NMAP, Nipper, Wireshark, TCPdump
• Password Cracking: John the Ripper, Medusa, Cain, rainbow tables
• Experience reviewing audit logs utilizing SIEM tools
• Advanced knowledge of network based, system level and application layer attacks and mitigation methods, and TCP/IP, HTTP/S, and related protocols.
• Knowledge of web application vulnerabilities such as cross-site scripting (XSS), session hijacking, SQL injection, CSRF (Cross-Site Request Forgery), OWASP Top 10, and other attack vectors.
• OSCP, OSWP, OSCE, and GIAC certifications a plus
Conditions of Employment:
All job offers are contingent upon successful completion of certain background checks which, unless prohibited by applicable law, may include criminal history checks, employment verification, education verification, drug screens, credit checks, DMV checks (for driving positions only) and fingerprinting.
Great People Deserve Great Benefits:
We know that we have some of the brightest and most talented associates in the world, and we believe in rewarding them accordingly. If you work here, expect competitive pay, comprehensive health coverage, and endless opportunities to advance your career. From tuition reimbursement to scholarship programs to employee stock purchase plans and 401(k)s, we offer associates a variety of benefits that work as hard for them as they work for us.
About Epsilon:
Epsilon is a global leader in creating connections between people and brands. An all-encompassing global marketing company, we harness the power of rich data, groundbreaking technologies, engaging creative and transformative ideas to get the results our clients require. Recognized by Ad Age as the #1 Largest World CRM/Direct Marketing Network, #1 Largest U.S. Agency from All Disciplines and #1 Largest U.S. Mobile Marketing Agency, Epsilon employs over 7,000 associates in 70 offices worldwide. Epsilon is an Alliance Data company. For more information, visit http://www.epsilon.com/, follow us on Twitter @EpsilonMktg or call 1.800.309.0505.
Alliance Data provides equal employment opportunities without regard to race, color, religion, gender, age, national origin, disability, sexual orientation, gender identity, veteran status or any other characteristic protected by law.
Alliance Data participates in E-Verify.
For San Francisco Bay Area:
Alliance Data will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of San Francisco Police Code Sections 4901 – 4919, commonly referred to as the San Francisco Fair Chance Ordinance.
: USA – United States-3120 – Texas-41418 – Irving-73-Irving (DAL), TX – 6021
: USA – United States-3090 – Illinois-50082 – Chicago-C5-West Chicago, IL, USA – United States-3095 – Massachusetts-79093 – Woburn-71-Wakefield (BOS), MA