Vulnerability Researcher - job id 32157


Your Way To Workā„¢

Vulnerability Researcher

$$

Baltimore 2



How to Apply

logo

Maxim Nikouline


logo

(646) 876-9538


logo

(212) 616-4800 ext-190




A Contract position at a global financial services firm.

Pay Options: IC - Self Incorporated or w2.

Contact Maxim call (646)876-9538 /or email max@sans.com with the Job Code MN32157 or Click the Apply Now button ().

Location: Baltimore 2.

Skills required for the position: CYBER SECURITY, VULNERABILITY , NETWORK.


Detailed Info: Continues assessment of Critical vulnerabilities. Perform a deep technical analysis of vulnerabilities and associated exploits. Create a detail technical report concerning vulnerabilities along with PoC code. Share vulnerability intelligence with other security teams including threat intelligence, security operations and risk management. Be able to successfully partner with other security teams to assess potential impact from vulnerabilities o Determine and suggest mitigating controls. Stay on top of the vulnerability landscape and be up-to-date on current attacks or potential attackso Review and analyze vulnerabilities in order to determine and understand the nature of the threato Evaluate, rate and perform risk assessments o Prioritizing vulnerabilities discovered along with remediation timeline(s) Send and receive notifications to the SMEs of vulnerabilities within the environment. Interaction with multiple global teams (cyber analytics , hunt, security architecture, penetration testing, application development, Risk Officers, etc) Maintain knowledge of the threat landscapeo Provide reporting and analysis and follow up. Provide vulnerability analysis and produce reports for management. Participate collecting, assessing, and cataloging threat indicators.

Development/Computing Environment: 2-5+ years' experience in vulnerability management or related cyber security field. Knowledge of application, network and operating system security. Understanding the concepts of exploitations. Knowledge with exploitation mitigation techniques ( DEP, ASLR , stack cookies) Strong experience analyzing exploits related to commonly exploited software. Experience with vulnerability and patch assessment. Good understanding of Windows and Linux OS and patching. Knowledge of vulnerability scoring systems (CVSS/CMSS) Strong familiarity with common vulnerability & exploit tracking/collaboration circles. Understanding the concepts of exploitations. Understanding network protocols. Ability to use a scripting language (Python, Perl, Ruby, etc.) Ability to learn new technologies. Excellent writing and presentation skills are required in order to communicate findings and status. Cleary communicate priorities and escalation points/procedures to other team members. Detail oriented, organized, methodical, follow up skills with an analytical thought process. Skill Desired: Relevant experience involving WinDbg ,OllyDbg and IDA ProoExperience with one or more assembly languages (x86, x64, ARM, MIPS, PowerPC, etc.) Familiarity with fuzzers. Ability to analyze network protocols throughout all layers of the network stack. Dynamic scans, static scans and penetration testingoExperience with Splunk for Enterprise security. Security architecture experience a plus..

The position offers competitive rate.


Job Id: 32157