We are representing a Security Assessment Analyst position for a Management Consulting Firm in Detroit, MI.
The Security Assessment Analyst will be responsible for ensuring the confidentiality, integrity, and availability of information assets within the enterprise. The analyst will provide technical expertise and protection of assets through the review, analysis, implementation, or monitoring of security controls, functions, and processes within the enterprise in support of the information security program. The analyst will interface with business units and key stakeholders within and outside of the information technology department, providing guidance and recommendations regarding security issues and requirements as appropriate.
The Security Assessment Analyst will perform various types of security assessments, which may include evaluations of security controls in hardware, software, web applications, mobile applications, and other information assets. The analyst will assist with vulnerability management, secure configuration management, and application security programs. This position aligns with the Vulnerability Assessment Analyst and Security Control Assessor work roles within the NICE Cybersecurity Workforce Framework.
- Maintain and enhance the vulnerability management program, to include network vulnerability scanning, exception requests, reporting, and remediation efforts
- Verify that application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct deficiencies
- Perform security reviews and identify security gaps in security architecture
- Assess configuration management, patch management, and effectiveness of security controls
- Conduct and/or support authorized penetration testing or vulnerability assessment of enterprise assets
- Perform technical (evaluation of technology) and nontechnical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, applications, etc.)
- Conduct application security assessments, including static analysis, dynamic analysis, and manual testing of web and mobile applications.
- Make recommendations regarding the selection of security controls to mitigate risk (e.g., protection of information, systems, and processes)
- Assist with development and maintenance of technical documentation and standard operating procedures.
- Additional responsibilities as identified.
- Security fundamentals certification such as GISF, GSEC, Security+, or similar preferred
- Ethical hacking or penetration testing certification (CEH, OSCP, GPEN, etc.) strongly desired
- Proven project management and organizational skills, specifically managing multiple concurrent projects
- Bachelor’s or Master’s degree in Information Security or related field preferred (work experience and background may be considered in lieu of education)
- Minimum two years of information security experience, with experience in vulnerability assessment or penetration testing preferred
- Highly self-motivated
- Must give attention to detail and possess the ability to prioritize tasks so work is completed in an accurate, timely manner
- Excellent problem-solving ability and ability to resolve issues under tight time frames
- Stay current on information security trends, new threats and attack techniques, and emerging security technologies.
Note: Qualified candidates will be contacted within 2 business days of application. If you do not meet the above criteria, we will keep your resume on file for future opportunities and may contact you for further discussion.