The job below is no longer available.
You might also like
in Duluth, GA
$19est. per hour OneMain Financial • 12d agoUrgently hiring 11 mi Use left and right arrow keys to navigate- $19
est. per hour OneMain Financial • 12d agoUrgently hiring 11.8 mi Use left and right arrow keys to navigate - $29
est. per hour Buffalo Wild Wings • 1h agoUrgently hiring 14.3 mi Use left and right arrow keys to navigate - $18
est. per hour Buffalo Wild Wings • 1h agoUrgently hiring 14.3 mi Use left and right arrow keys to navigate - $40
est. per hour ProMedica Senior Care • 5d agoUrgently hiring 4.1 mi Use left and right arrow keys to navigate
Senior Penetration Tester/Information Security Vulnerability Mgmt. Specialist - Full-time / Part-time
•30 days ago
| Hours | Full-time, Part-time |
|---|---|
| Location | 5985 State Bridge Road Duluth, Georgia |
About this job
Job Overview:
At Macy’s, we’re moving fast—we’re at top speed to become America’s premiere omni-channel retailer. Macy’s technology hub, Macy’s Technology (M*Tech) strives to set the pace by providing seamless and compelling shopping experiences for our Macy’s and Bloomingdale’s customers. M*Tech is creating innovative technology solutions to support these experiences and define the future of retailing.
Macy’s Technology is seeking a senior level specialist in the Penetration Testing / Information Security Vulnerability Management area. This is a hands-on role involving penetration testing vulnerability assessment activities of complex applications, operating systems, wired and wireless networks. The Sr. Penetration Tester will perform the daily operation of the team including vulnerability identification, risk assessments, vulnerability remediation, and validation testing.
The selected candidate should have experience and understanding of multiple security platforms and layers including automated and manual testing tools, Firewalls, Proxy servers, Intrusion Prevention Systems, Logging Correlation/management, Operating systems, Protocols and Risk Assessments.
Performs other duties as assigned.
Essential Functions:
The Senior Penetration Tester / Information Security Vulnerability Management Specialist makes decisions based on operational status and project requirements and will make recommendations to management based on actions taken, current status and potential exposure and/or risks. The Specialist will continue to be engaged with management to provide updates and status to help clarify any decision that is needed to be made about a current security risk exposure or operational stability. Additionally be responsible for performing operating system, network, 3rd party application and internally developed application penetration testing and vulnerability assessments.
Other responsibilities will include:
• Responsible for performing operating system, network, 3rd party application and internally developed application penetration testing and vulnerability assessments.
• Collaborates with other technical leads (Network, Server, and Application), field services technicians, project managers and data center operations and technical subject matter specialists to integrate security controls into a cohesive architecture that sufficiently mitigates risk to the company. Specialist must have critical thinking skills.
• Mentors and coaches other Security Analysts to provide guidance and expertise in their growth.
• Consistently demonstrates regular, dependable attendance & punctuality.
Qualifications:
Education/Experience:
• Bachelor’s Degree and 5-7 years of experience in IT or Information Security or an equivalent combination of education and experience.
• Experience with vulnerability assessment and penetration testing tools (such as nmap, Nessus, Qualys, eEye Retina, Metasploit, OpenVAS, OpenSSL, CoreImpact, WebInspect, etc.) and manual testing.
• Remediation experience with patching and/or mitigation for findings for all of the aforementioned testing/assessments.
• Risk assessment experience with computer systems and applications.
• Best practice and architecture experience with computer systems and applications.
• One or more Certifications such as: CISSP, OSCP, OSCE, OSWE, GWAPT OSWP, GSEC, GISP, GPPA, GCUX, GCWN, GCED, GPEN, GSNA, GAWN, GXPN, or GSE.
Communication Skills:
• Excellent written and verbal communication skills.
• Ability to read, write, and interpret business and technical documents.
Reasoning Ability:
• Strong analysis/troubleshooting/debugging skills, strong partnering/relationship building skills.
• Must be able to work independently with minimal supervision.
Physical Demands:
• This position involves regular ambulating, sitting, hearing, and talking.
• May occasionally involve stooping, kneeling, or crouching.
• May involve close vision, color vision, depth perception, and focus adjustment. Involve use of hands and fingers for typing on keyboard and using a mouse.
• May be a need to move or lift items under 10 pounds.
Other Skills:
• Knowledge or skill to be able to identify root cause of vulnerabilities and provide remediation guidance for vulnerabilities found from either manual testing or from the tools previously mentioned.
• Able to create reports and presentations, including but not limited to executive summaries, vulnerability assessments, penetration testing, and remediation.
• Ability to understand, analyze and correlate technical vulnerabilities and implement counter-measures to mitigate them.
• Maintaining metrics in addition to leading and analyzing security reporting.
• Understanding of risk assessment methodologies and assist with coordinating discussions with other teams.
• Expert knowledge of common protocols, vulnerability management frameworks, testing methodologies, web applications and architecture, encryption and reporting packages.
• Identify common network and web application vulnerabilities such as SQL injection, cross site scripting, remote file inclusion and cookie manipulation.
• An advanced understanding of web applications authentication, session management, forms submission, etc.
• An understanding of a wide array of server grade applications to include DNS, SMTP, IIS, Apache, LDAP, SQL, etc.
• Have an understanding and working knowledge of regulatory and audit mandates to ensure environments meet PCI, FFIEC, SOX and corporate standards.
Work Hours:
• Ability to work a flexible schedule based on department and company needs.
• Participates in the ‘on-call’ rotation.
Company Profile:
Macy’s Inc. is one of the nation’s premier retailers. With fiscal 2016 sales of $25.778 billion and approximately 140,000 employees, the company operates more than 700 department stores under the nameplates Macy’s and Bloomingdale’s, and approximately 125 specialty stores that include Bloomingdale’s The Outlet, Bluemercury and Macy’s Backstage. Macy’s, Inc. operates stores in 45 states, the District of Columbia, Guam and Puerto Rico, as well as macys.com, bloomingdales.com and bluemercury.com. Bloomingdale’s stores in Dubai and Kuwait are operated by Al Tayer Group LLC under license agreements. Macy’s, Inc. has corporate offices in Cincinnati, Ohio and New York, New York.
This job description is not all inclusive. Macy’s Inc. reserves the right to amend this job description at any time. Macy's Inc. is an Equal Opportunity Employer, committed to a diverse and inclusive work environment.
At Macy’s, we’re moving fast—we’re at top speed to become America’s premiere omni-channel retailer. Macy’s technology hub, Macy’s Technology (M*Tech) strives to set the pace by providing seamless and compelling shopping experiences for our Macy’s and Bloomingdale’s customers. M*Tech is creating innovative technology solutions to support these experiences and define the future of retailing.
Macy’s Technology is seeking a senior level specialist in the Penetration Testing / Information Security Vulnerability Management area. This is a hands-on role involving penetration testing vulnerability assessment activities of complex applications, operating systems, wired and wireless networks. The Sr. Penetration Tester will perform the daily operation of the team including vulnerability identification, risk assessments, vulnerability remediation, and validation testing.
The selected candidate should have experience and understanding of multiple security platforms and layers including automated and manual testing tools, Firewalls, Proxy servers, Intrusion Prevention Systems, Logging Correlation/management, Operating systems, Protocols and Risk Assessments.
Performs other duties as assigned.
Essential Functions:
The Senior Penetration Tester / Information Security Vulnerability Management Specialist makes decisions based on operational status and project requirements and will make recommendations to management based on actions taken, current status and potential exposure and/or risks. The Specialist will continue to be engaged with management to provide updates and status to help clarify any decision that is needed to be made about a current security risk exposure or operational stability. Additionally be responsible for performing operating system, network, 3rd party application and internally developed application penetration testing and vulnerability assessments.
Other responsibilities will include:
• Responsible for performing operating system, network, 3rd party application and internally developed application penetration testing and vulnerability assessments.
• Collaborates with other technical leads (Network, Server, and Application), field services technicians, project managers and data center operations and technical subject matter specialists to integrate security controls into a cohesive architecture that sufficiently mitigates risk to the company. Specialist must have critical thinking skills.
• Mentors and coaches other Security Analysts to provide guidance and expertise in their growth.
• Consistently demonstrates regular, dependable attendance & punctuality.
Qualifications:
Education/Experience:
• Bachelor’s Degree and 5-7 years of experience in IT or Information Security or an equivalent combination of education and experience.
• Experience with vulnerability assessment and penetration testing tools (such as nmap, Nessus, Qualys, eEye Retina, Metasploit, OpenVAS, OpenSSL, CoreImpact, WebInspect, etc.) and manual testing.
• Remediation experience with patching and/or mitigation for findings for all of the aforementioned testing/assessments.
• Risk assessment experience with computer systems and applications.
• Best practice and architecture experience with computer systems and applications.
• One or more Certifications such as: CISSP, OSCP, OSCE, OSWE, GWAPT OSWP, GSEC, GISP, GPPA, GCUX, GCWN, GCED, GPEN, GSNA, GAWN, GXPN, or GSE.
Communication Skills:
• Excellent written and verbal communication skills.
• Ability to read, write, and interpret business and technical documents.
Reasoning Ability:
• Strong analysis/troubleshooting/debugging skills, strong partnering/relationship building skills.
• Must be able to work independently with minimal supervision.
Physical Demands:
• This position involves regular ambulating, sitting, hearing, and talking.
• May occasionally involve stooping, kneeling, or crouching.
• May involve close vision, color vision, depth perception, and focus adjustment. Involve use of hands and fingers for typing on keyboard and using a mouse.
• May be a need to move or lift items under 10 pounds.
Other Skills:
• Knowledge or skill to be able to identify root cause of vulnerabilities and provide remediation guidance for vulnerabilities found from either manual testing or from the tools previously mentioned.
• Able to create reports and presentations, including but not limited to executive summaries, vulnerability assessments, penetration testing, and remediation.
• Ability to understand, analyze and correlate technical vulnerabilities and implement counter-measures to mitigate them.
• Maintaining metrics in addition to leading and analyzing security reporting.
• Understanding of risk assessment methodologies and assist with coordinating discussions with other teams.
• Expert knowledge of common protocols, vulnerability management frameworks, testing methodologies, web applications and architecture, encryption and reporting packages.
• Identify common network and web application vulnerabilities such as SQL injection, cross site scripting, remote file inclusion and cookie manipulation.
• An advanced understanding of web applications authentication, session management, forms submission, etc.
• An understanding of a wide array of server grade applications to include DNS, SMTP, IIS, Apache, LDAP, SQL, etc.
• Have an understanding and working knowledge of regulatory and audit mandates to ensure environments meet PCI, FFIEC, SOX and corporate standards.
Work Hours:
• Ability to work a flexible schedule based on department and company needs.
• Participates in the ‘on-call’ rotation.
Company Profile:
Macy’s Inc. is one of the nation’s premier retailers. With fiscal 2016 sales of $25.778 billion and approximately 140,000 employees, the company operates more than 700 department stores under the nameplates Macy’s and Bloomingdale’s, and approximately 125 specialty stores that include Bloomingdale’s The Outlet, Bluemercury and Macy’s Backstage. Macy’s, Inc. operates stores in 45 states, the District of Columbia, Guam and Puerto Rico, as well as macys.com, bloomingdales.com and bluemercury.com. Bloomingdale’s stores in Dubai and Kuwait are operated by Al Tayer Group LLC under license agreements. Macy’s, Inc. has corporate offices in Cincinnati, Ohio and New York, New York.
This job description is not all inclusive. Macy’s Inc. reserves the right to amend this job description at any time. Macy's Inc. is an Equal Opportunity Employer, committed to a diverse and inclusive work environment.