Senior Security Engineer (Penetration Testing/GRC Assessments)

Perform risk and security assessments, design secure infrastructure architectures, and enhance communication. Structured Communication Systems is a leading information technology consultancy and systems integrator. We are experts at architecting and implementing secure and reliable solutions for delivering business applications, ensuring business continuity, enhancing data center performance and efficiency, enabling mobile workers, securing information assets and providing information security and governance. Structured has an immediate remote opening for a Senior Security Engineer(Penetration Testing/GRC Assessments) (must be available to work Pacific Time Zone hours). As part of our team, you’ll be responsible for conducting comprehensive penetration testing and security assessments using a wide range of offensive security tools and methodologies. The primary focus is on identifying vulnerabilities through network and application layer testing, social engineering, and red team operations. This position will also support compliance assessment activities and be responsible for designing and implementing security-oriented solutions, assisting with troubleshooting and consultation of various security and networking projects. This position also provides pre-sales assistance to Account Executives, which may include the development of presentations and/or proposals. This role also directly interfaces with the end-user customer(s). Compensation: $110,000.00 – $130,000.00 annually Travel Requirements This position may require considerable travel for short- to medium-term projects based on customer location and project needs. Essential Duties and Responsibilities An individual must be able to perform each essential duty satisfactorily in order to meet the qualifications required to perform this job successfully. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Performs comprehensive penetration testing for internal and external environments, including network and application layer testing, web application assessments (OWASP Top 10, APIs, mobile apps), wireless security, and social engineering campaigns. Conducts red team operations, adversary simulation exercises, and vulnerability assessments to identify and exploit security weaknesses in systems, applications, and infrastructure. Develops custom exploits and tools to support penetration testing activities. Performs security assessments from frameworks in the following compliance areas: PCI DSS, HIPAA, GLBA, SOX, GDPR, CIS Critical Security Controls, NERC CIP, and ISO 27000. Performs risk assessments according to guidance, including NIST SP 800-30 or OCTAVE. Creates incident response plans and conducts tabletop exercises. Writes professional penetration testing and assessment reports that include detailed findings, risk ratings, and remediation recommendations as a deliverable. Responsible for the implementation/configuration of the various systems and appliances for the manufacturers that Structured represents. Responsible for creating alternative designs to satisfy performance and cost criteria based upon customer requirements. Identifies and corrects faults and provides resolution of complex problems based upon tickets that are escalated from Structured’s help desk. Effectively communicate Structured’s value proposition through presentations, proposals, and the development of collateral to drive sales and the branding of Structured Supports sales opportunities with Account Executives. Interfaces with end-users for the purpose of designing and implementing new solutions. Ability to troubleshoot problems with existing systems/solutions. Ability to translate highly technical material into common language for purposes of generating reports. Supervises projects and work assignments in order to ensure effective and efficient delivery. Prepares reports in order to update management regarding project status and/or manufacturer updates. Provides input for professional service statements of work (“SOW”) and create SOWs as directed, as well as perform project management services (as needed). Follows the current policies and procedures for tracking activities in Structured’s various CRM/service delivery tools. Additional duties as assigned. Promotes and maintains a high standard of customer service at all times. Ability to maintain and continually develop accurate product and application knowledge. Capability to influence existing and past relationships with customers and vendors to generate opportunities. Proactively learns and utilizes new technologies, concepts, and procedures. Leverages technical background to identify professional service opportunities for security, networking, storage/compute opportunities and cloud. Education Requirements Bachelor’s degree (B.A. or B.S.) from a four-year college or university in information systems or equivalent experience. At least 5+ years’ experience in a technology-related field, including 2+ years’ penetration testing and security assessment experience. Previous experience providing solution design and implementation preferred. Hands-on experience with penetration testing tools such as Metasploit, Burp Suite, Nmap, Wireshark, Cobalt Strike, and other offensive security frameworks. Experience with scripting/programming languages (Python, PowerShell, Bash) for tool development and automation. Knowledge of exploitation techniques, post-exploitation activities, and privilege escalation methods. Experience with PCI DSS, HIPAA, GLBA, CIS Critical Security Controls, NERC CIP, SOX, GDPR, and ISO 27000 series security frameworks preferred. OSCP, OSCE, GPEN, GWAPT, GXPN, CISSP, CISA, CISM, or other relevant certifications are highly preferred. General Office Computer Skills To perform this job successfully, an individual should be an advanced user of Microsoft Office Suite and have extensive experience with customer relationship management tools, such as Salesforce. Extensive understanding of security and network theories and advanced security and networking trouble shooting capabilities. Language Skills Ability to read, analyze, and interpret quotes and reports. Ability to synthesize large amounts of highly technical material into common language for use in reports, effectively present information, and respond to questions from employees, management, vendors and customers. Physical Demands The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. While performing the duties of this job, the employee is frequently required to walk or sit; use hands to handle or feel; reach with hands and arms and talk or hear. The employee is occasionally required to stoop, kneel, or crouch. The employee may occasionally be required to lift and/or move up to 50 pounds. Working Conditions The working conditions characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Work is performed in both a general office environment, as well as a data center environment. Within the general office environment both the lighting and temperature are generally moderate. The data center environment is generally cool in temperature and the lighting is moderate; the noise level in the data center environment is generally loud. Must have a valid Driver’s License and the ability to travel to customer locations and other destinations for short to medium term projects. This position may also require an adjusted work schedule and evening hours in order to meet or attend vendor/customer needs. Flexibility to field phone calls, system alerts and provide remote and/or on-site support to clients outside of normal business hours, including weekends and holidays. Our organization provides a full compensation package that facilitates development and growth. The benefits package includes medical, dental, vision, group life, and AD&D insurance, and long and short-term disability coverage and 401(k). We also provide training on mutually agreed upon professional goals through a combination of self-study courses, formal training, and on-the-job training. Obtaining industry-based certifications is highly encouraged. ***We are interested in all qualified candidates that are eligible to work in the United States. However, we are not able to sponsor visas.*** * Structured is an Equal Opportunity Employer with a strong commitment to supporting and retaining a diverse and talented workforce. #J-18808-Ljbffr