Attack Surface Engineer - Axelon Services Corporation

Global Financial Firm located in Fort Lauderdale, FL / Irving, TX has an immediate contract opportunity for an experienced Attack Surface Engineer

"This role is currently on a Hybrid Schedule.
You will need to have reliable internet, computer and android or iphone for remote access into the client systems during remote work.
We will be expected in the office weekly 2-3 days depending on the team requirement.

****Video/ f2f interviews are required prior to all offers.

The Role:
This individual will participate in activities as part of the organization s Attack Surface Reduction (ASR) program and Breach Attack Simulation (Client) program. The candidate may also participate in Red Team and Penetration Testing exercises. To be successful in this role, the ideal candidate will have experience with reconnaissance, attack surface mapping techniques, strong programming background and offensive security experience.

Responsibilities
Assist with the development and implementation of program management processes and tools related to attack surface reduction
Support Client s Red, Blue, and Purple Teams during the execution of offensive security assessment operations
Develop and implement Red Team automation tools utilizing various programming languages
Assist in developing and maintaining technical documentation
Monitor program progress and identify potential risks and issues, including the changes in the firm s attack surface or the emergence of new threats
Review and validate automated testing results and prioritize actions that resolve issues based on overall risk
Analyze source code to mitigate identified weaknesses and vulnerabilities within the system
Review and validate automated testing results and prioritize actions that resolve issues based on overall risk
Scan and analyze applications with automated tools, and perform manual testing if necessary
Reduce risk by analyzing the root cause of issues, their impact, and required corrective actions
Identify opportunities to automate and standardize information security controls and for the supported group
Establish meaningful partnerships with relevant stakeholders across the enterprise is a key function of this role to build and maintain a comprehensive model of applicable, feasible threats, and risks to the business
Act as a subject matter expert and provide guidance with stakeholders
Identify and ensure compliance with relevant frameworks and guidelines (e.g., NIST)
Demonstrate appropriate consideration for the firm's reputation and safeguarding Clientgroup, its clients, and assets by driving compliance with applicable laws, regulations, and Client Policy

Qualifications
4+ years experience or equivalent knowledge and exposure are required with most of the following:
An understanding of attack surface management tools, including their capabilities and limitations
Deep understanding of reconnaissance types and techniques
Strong communication and interpersonal skills, including experience with technical and non-technical teams
Excellent analytical and problem-solving skills, with the ability to analyze complex data sets, and provide recommendations for mitigating risk
Familiarity with big data technologies, data analysis and visualization tools: Tableau, Spark, Hive, Hadoop, etc.
Experience with program management tools: ServiceNow, JIRA, Confluence, etc.
Conducting Vulnerability Assessments and Penetration Testing (application and/or infrastructure) and articulating security issues to technical and non-technical audience
Identifying, researching, validating, and exploiting different, known, and unknown security vulnerabilities on the server and client side
Leveraging the MITRE Telecommunication&CK Framework
Red Team testing tools: Cobalt Strike, Red Team Toolkit, etc.
Vulnerability Assessment tools: Nessus, Qualys, etc.
Exploitation frameworks: Metasploit, CANVAS, Core Impact
Social Engineering campaigns: email phishing, phone calls, SET
Deep understanding of OSI model and OWASP
Security devices: Firewalls, VPN, AAA systems
OS Security: Unix/Linux, Windows, OSX
Understanding of common protocols: HTTP, LDAP, SMTP, DNS
Web application infrastructure: Application Servers, Web Servers, Databases
Web development and programming languages: Python, Perl, Ruby, Java, .Net

Education
Bachelor s degree/University degree or equivalent experience
Master s degree preferred
Industry-accredited security certifications highly preferred but not required (e.g. PNPT, OSCP, OSCE, GXPN, GPEN, GCIH, GWAPT, GCFA, or CISSP)

This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.