Dieses Stellenangebot ist nicht mehr verfügbar
CMMC Security Analyst
6AM City
- New York, New York, United States
- New York, New York, United States
Über
The ideal candidate will be responsible for assessing information risk and making recommendations for remediation within IT environments. Penetration testing (Ethical Hacking), Vulnerability assessments, Microsoft Best Practices, and CIS Baseline analysis will be required. Assessments will be performed against government regulations such as CMMC , NIST 800-171 and other Cyber security engagements including PCI and HIPAA . You will provide expert IT Security and Risk Analysis to a variety of clients all with different scopes and sizes of engagements. Every day is a different experience!
About Dox: Since 1982, Dox has been providing Security assessments and professional IT Support for organizations all across the Continental United States. We deliver enterprise-level services and solutions at prices small businesses can afford. Time and experience have helped us develop best practices and workflow procedures around a proactive philosophy designed to keep our clients’ focus on their business, not their technology.
At Dox, we believe you should love what you do and be passionate in your pursuits. Our employees dedicate themselves to fulfilling the needs of our clients and, in turn, the company invests thousands each year in training them so they can grow in their careers. We like to promote from within the company and offer room for upward mobility, career development, and infinite potential. We treat our employees like family and offer a supportive, exciting, and entertaining work environment.
Responsibilities include but not limited to the following:
Select, design, create, and maintain appropriate tools for testing.
Documents test methodologies.
Plan and perform penetration tests and vulnerability scans on computer systems, networks, web-based and mobile applications, including;
Focusing on network security and identifying potential weaknesses and vulnerabilities.
Performing event correlation and analysis using tools to identify malicious activities and determine appropriate response actions.
Preparing comprehensive documentation of test results, including identified weaknesses, exploitation methods, and the impact on the organization.
Ensuring compliance with Federal, DoD, and Intelligence Community regulations, policies, and standards.
Gather data intelligence from the output of the automated penetration tools as well as information gathered in earlier stages to identify vulnerabilities that the tools may not identify.
Communicate with relevant stakeholders, including technical points of contact, to discuss assessment findings and recommend mitigation actions.
Analyze outcomes and make recommendations for security improvements.
Review physical security and perform social engineering tests where appropriate.
Enhance existing methodology material.
Evaluate and select from a range of penetration testing tools.
As applicable, maintain knowledge of the latest: Testing and ethical hacking methods.
Security threats and vulnerabilities.
Changes to relevant regulations and standards.
Performs other duties as assigned.
Requirements:
Proven expertise at advanced levels in five of the following, to include ability to combine components into a functioning multi‑layer network of heterogeneous devices and applications and ability to inspect and replicate a system of such components:
Required: CMMC Certified CMMC Professional (CCP) or Certified CMMC Assessor(CCA)
Must be an expert with Nessus and other popular security software
Virtual Environments such as VMware and Hyper‑V
Microsoft Windows Operating System versions.
UNIX (Solaris, HP‑UX, etc.) Operating System versions.
Linux variant Operating System versions.
Scripting language software development.
Wireless (WiFi/WiMax/Bluetooth) technology (hardware or core software).
Ubiquitous core network device (switch/router/hub) technology (hardware or core software).
Proven ability to perform computer network vulnerability assessment and penetration testing. Understanding of risk planning and mitigation strategies. Ability to prepare and present documents and briefing materials. (Individual positions within this labor category have additional qualification and competency requirements.)
Other Professional Skills:
Articulate communicator, fluent in English with excellent listening skills.
Self‑motivated and ambitious.
Great written and oral skills.
A team player who isn't a clock watcher.
Must be detailed, precise and accurate.
Excellent skills in maintaining relationships with clients and other external parties.
Physical Demands:
Prolonged periods sitting at a desk and working on a computer.
Must be able to exert up to 50 lbs. of force occasionally and/or up to 20 lbs. of force frequently, and/or up to 10 lbs. of force constantly to move objects.
#J-18808-Ljbffr
Sprachkenntnisse
- English
Hinweis für Nutzer
Dieses Stellenangebot wurde von einem unserer Partner veröffentlicht. Sie können das Originalangebot einsehen hier.