Reporting to the Director of Security Practice, the Security Consulting Engineer, based at the Agio Security Division in Raleigh, North Carolina, will primarily work with external customers. The employee will be expected to perform a myriad of tests and assessments while advising the client on best-in-class security practices consistent with the client’s compliance requirements, business objectives, and budget.
Objectives – Year One
At the end of the first year, employee should be able to perform the following:
- Gap Analyses
- Penetration Testing
- Internal and External Vulnerability Assessments
- Consult with clients to recommend appropriate remediation/corrective actions to improve security posture
Conduct data collection interview sessions with customers to gather information regarding current infrastructure and the associated security, privacy and mitigating controls, and measure compliance against security requirements set forth by both governmental and private agencies. Knowledge of how to perform a Security Risk Analysis (HIPAA, FFIEC, CJIS) based on the classification of discovered deficiencies into likely risk categories (NIST or ISO based) and recommend remediation options. Interact with clients as a consultant to advise, recommend, and provide “best practices” security options upon discovery of security posture deficiencies. Deliver reports of findings, both written and oral, to what is frequently a diverse group of attendees including C-level executives, technical managers and hands-on technicians.
- Perform consulting and assessment work with customers to ensure the maximum security of their work products and data while aligning compliance requirements with optimum security posture.
- Work will be performed both at customer locations and in-house at security offices in Morrisville, NC (Raleigh-Durham area).
- Substantial written documentation to include findings and remedial recommendations is required.
- Light travel (up to 25%) required.
- Should be comfortable speaking to clients regarding their security needs and making recommendations.
- Ability to organize, write, and present findings and recommendations in a professional manner is critical.
- 5-7 years' experience in the IT security field
- Be able to execute at an advanced level in at least two and at an intermediate level in two or more of the following:
- Networking / infrastructure (routing/switching)
- Penetration testing, vulnerability scanning, and security assessments; background in Payment Card Industry (PCI), HIPAA/healthcare or financial services is a plus
- Security solutions (firewalls, IDS/IPS, encryption, advanced authentication, SIEM, DLP)
- Windows Network Operating Systems/Active Directory/Messaging (Exchange or open source solutions)
- Applicants should carry at least one of the following certifications:
- SANS GSEC
- PCI QSA
- Must be a self-starter, able to work through issues from start to finish with little assistance, reporting on root cause and providing recommendations for resolution.
- Expected to work as part of a team, not on an island, and be openly collaborative when working through issues with other team members.
B.S./B.A. degree or relevant experience preferred