Associate Technical Consultant, Red Team
Description:
Job Description
Computer Design & Integration (CDI LLC), an AHEAD Company is an award-winning, nationally recognized organization that architects, deploys, and manages multiplatform hybrid IT solutions, including traditional IT, public, private and hybrid clouds. Recognized since 2000 as one of the top 500 IT solution providers in the United States, CDI LLC’s strategic differentiation is its commitment to understanding its clients’ business processes while continuously ensuring the advancement of their corporate strategies with the integration of best-of-breed technology solutions. CDI LLC continues to evolve and grow in a time of transformation within the IT industry, the rate of change is exponential, and the complexity of customer's requirements is growing at a similar rate. There are few companies that can compete in this environment and CDI LLC's goal is to be the best of the best.
Essential Functions:
Our consultants can perform a variety of tasks based on the individual needs of our clients and our internal business priorities, including but not limited to:
Learn and perform portions of technical security assessments, vulnerability scans, and penetration tests in customer environments (physical, network, wireless, web applications, etc.).
Regularly communicate with customers during security engagements.
Assist in development of technical and strategic recommendations to address issues uncovered in the assessment process with mappings to findings and industry standards.
Gain and maintain competence in security technology and stay abreast of trending threats and attack vectors.
Maintain security relevant training and certifications as they align to customer product and service offerings.
Other duties as assigned or requested.
The following approaches are necessary:
Planning: Thinking about solutions wholistically, foreseeing possible problems, and envisioning how security solutions will be completed in a high-quality manner while staying within the allotted time.
Deadline Driven: Willing to work the time required to adequately complete tasks in full.
Thorough: Conducting each assessment with the goal of testing as much of the customer infrastructure per the agreed upon scope.
Best Practices: Using official documentation, reliable online resources/books, and personal experience. Staying updated and educated to the development industry is a must.
Organization and general record keeping: Folder and file organization, date versioning, individual record keeping including time entry, habit of keeping credentials and important details in a safe place and accessible from anywhere.
Supervisory Responsibilities: None
Expenses: Yes
Required Driving: N/A to daily functions. Some travel for team events, and in-person customer meetings is expected.
Physical/Environmental Working Conditions:
General office environment is primarily sedentary work which requires the following physical activities: standing, sitting, walking, reaching, lifting, finger dexterity, grasping, repetitive motions, talking, hearing, and visual acuity.
Daily exposure to LCD.
A moderate noise level is usual.
Education:
Relevant Security/Networking certifications are a plus (Security+, Pentest+, eJPT, CEH, or equivalent security certifications)
Bachelor's degree in cybersecurity, information systems management, computer science or related field is a plus (**Relevant experience can be substituted in lieu of education)
Experience Required:
2+ year of demonstrable information security experience
Experience with various security applications and technology preferred (firewall, IDS/IPS, antivirus, application whitelisting, vulnerability scanner, e-mail security, etc.)
Experience with cloud security preferred (Office365, Azure, AWS)
Knowledge of NIST, CIS, HIPAA, CMMC and other regulations/frameworks preferred
Skills Required:
The desired candidate is versatile and possesses technical skillsets from the multiple discipline areas of our professional services practice areas. Candidates will be considered who do not meet all criteria so long as they possess curiosity and the drive for continuous learning, and innovation in technology.
Soft Skills
Ability to engage customers, partners, and fellow employees in a manner that is honest, respectful, and clear.
Professionalism with written and verbal communication with a strong focus on customer service.
Ability to context switch frequently.
Ability to prioritize work and meet deadlines under minimal supervision
Self-motivated with the willingness to constantly learn and innovate
Comfort with working in a fast-paced and innovative environment, with dedication to seeking the success of customers and the CDI team
Cyber Security
Knowledge of information security practices and procedures
Understanding of common security vulnerabilities and vulnerability management practices
Ability to communicate clearly to both technical and non-technical audiences, risks, threats, and vulnerabilities identified during assessments
Basic understanding of how to:
gather OSINT data using manual and automated tools
conduct physical penetration tests by using skills such as manipulating locks, cloning access cards, impersonating legitimate personnel, and more
create and execute customer phishing and vishing campaigns
run, interpret, and further enumerate outputs from common web application testing tools such as Burp Suite, Nikto, and Postman
conduct gap assessments which align with common frameworks such as NIST, CIS, HIPAA, and CMMC
design, write, and edit information security policies
script our repetitive actions
provide vCISO services to customers ranging from new to very mature information security programs
Infrastructure
Understanding of common infrastructure design and implementation
Experience with common operating systems such as Linux, Windows, and Mac
Compensation:
$60,000.00 - $80,000.00 USD Annual
This description portrays in general terms the type and levels of work performed and is not intended to be all-inclusive or represent specific duties of any one individual. Nothing in this job description restricts management’s right to assign or reassign duties and responsibilities to this job at any time.