Risk Reduction Engineer
- Implement and direct processes across the vulnerability management lifecycle, including Discovery, Prioritization of Assets, Vulnerability Assessment, Reporting, Remediation, and Verification.
- Assist with developing team objectives to resolve outstanding risk and identify new areas of exposure.
- Assist in validating and remediating critical findings resulting from audit processes.
- Assist other teams in applying security best practice.
- Utilize industry-standard toolsets to map and reduce the attack surface of a complex and dynamic architecture.
- Collaborate with Threat Intelligence groups to overlay observations from the global threat landscape with patching and remediation strategy.
- Review opportunities to reduce the risk surface of Relativity, ensuring a highly secure target for adversary actors.
- Assist with the development of scripts, tools, and methodologies to identify and exploit points of exposure on internal and perimeter applications (penetration testing).
- Proactively research emerging cyber threats. Apply analytical understanding of hacker methodologies and tactics, system vulnerabilities and key indicators of attacks and exploits.
- Possess a high degree of proficiency in the following domains: port scanning, client-side attacks, and evasion techniques.
- Experience with vulnerability management and offensive security tools, including SecurityCenter/Nessus, Splunk, Burp Suite, and Metasploit.
- Able to contribute to security architecture discussions to ensure exposure to threats is minimized and countermeasures can be proactively applied.
- Familiarity with the security, attack surface, and threat profile of SaaS-based applications.
- Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel.
- Ability to identify adversary tactics, techniques, and procedures (TTPs), targeting, malware development and implementation.
- One or more of the following certifications: OSCP, CEH, GPEN, CISSP
- Detailed understanding of the vulnerability management lifecycle, and how this is applied in a corporate setting.
- Expertise in networking and security concepts.
- Capacity to provide both high-level and technical briefings on emerging threats and vulnerabilities, collaborating with extended Cyber teams to assess risk.
- Experience performing analysis of network traffic to identify anomalies and attacks.
- Ability to work collaboratively and independently to deliver projects based on high-level requirements and success criteria.
- 1-3 years experience in vulnerability management, security engineering, or a related discipline.