Pentester and Vulnerability Mgt Engineer
2 weeks ago
Security Engineer - Penetration Testing & Vulnerability Management
We are looking for a penetration tester/vulnerability engineer to join our team to help protect the organization from cyber threats. As a penetration tester, you will be responsible for conducting ethical hacking activities to identify and exploit vulnerabilities in systems, networks, applications, and devices. You will be involved in red teaming, purple teaming, and active threat-hunting exercises to simulate real-world attacks and test the effectiveness of our security controls and incident response capabilities. You will also be expected to lead and manage vulnerability and patch management programs to ensure timely remediation of security issues.
This role is fully remote with quarterly travel to Belk, Inc. headquarters and must be worked in the ET time zone. This role will report to the Manager, Cybersecurity Operations & Incident Response.
Essential Duties and Responsibilities
Vulnerability Management
Compiling and tracking vulnerabilities and mitigation results to quantify program effectiveness.
Creating and maintaining vulnerability management policies, procedures, and training
Analyzing cyber defense policies and configurations and evaluate compliance with regulations and organizational directives.
Maintain knowledge of applicable cyber defense policies, regulations, and compliance documents related to cyber defense assessment.
Prepare reports identifying technical and procedural findings and providing recommended remediation strategies/solutions.
Perform technical (evaluation of technology) and nontechnical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (e.g., container registry scanning, open-source vulnerability scanning, network/host vulnerability scanning, cloud security posture management, and source code scanning.
Analyze CIS benchmarks compliance for multiple platforms, including on-premises and cloud resources, and generate reports to achieve compliance by meeting organizational security standards.
Maintain weekly reports for work-in-progress efforts across cybersecurity operations resources.
Manage the exception process for vulnerabilities, patching, or pen-testing findings that cannot meet Belk's Standards and/or the remediation SLA.
Penetration Testing
Perform formal penetration tests on web-based applications, networks, and computer systems to include Windows environments from initiation to closure.
Threat modeling
Carry out testing of the cloud environment to expose weaknesses in security.
Determine methods that attackers could use to exploit weaknesses and logic flaws.
Perform security reviews of application designs, source code, and deployments as required, covering all types of applications (web applications, web services, mobile applications, SaaS)
Perform physical security reviews.
Participate in Security Assessments and IT auditing of networks, systems, and applications.
Use, design, and create penetration tools and tests.
Document findings for management and technical staff and recommend mitigating actions.
Required Knowledge and Skills
Proficiency in using penetration testing tools like Metasploit, Burp Suite, Nmap, Wireshark, and vulnerability scanners.
Understanding of standard network protocols, operating systems (Windows, Linux, macOS), and web technologies.
Knowledge of common web application vulnerabilities like SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF).
Familiarity with scripting languages like Python, Bash, or PowerShell to automate tasks and develop custom tools.
Solid understanding of cybersecurity principles, secure coding practices, cloud infrastructure, and network security controls.
Knowledge of common security frameworks and compliance standards, such as OWASP, PCI DSS, NIST, and MITRE ATT&CK Framework.
Strong analytical thinking and problem-solving abilities to identify vulnerabilities, analyze their impact, and recommend appropriate solutions.
Knowledge of system administration concepts, including server configuration, user, and patch management.
Excellent communication skills to communicate findings, vulnerabilities, and recommendations effectively to technical and non-technical stakeholders.
Willingness to continuously learn new tools, methodologies, and technologies in the rapidly evolving field of cybersecurity.
Understanding the retail business context to prioritize risks and align security assessments with organizational objectives is essential.
Ability to work effectively as a team, collaborate with other security professionals, and share knowledge and expertise.
General Requirements:
A bachelor's degree in computer science, Information Security, or a related field is desirable.
At least one of the following certifications: OSCP, GPEN, PNPT, PenTest+, or similar certification
3+ years of overall IT experience.
3+ years of experience in vulnerability management.
3+ years of experience in ethical hacking.
2+ years of experience in incident management.
3+ years of experience in systems management and administration is desireable
#LI-REMOTE
#LI-CR1
#IND3
#J-18808-Ljbffr
-
Vulnerability Analyst
3 weeks ago
Charlotte, United States Randstad Digital Full timeResponsibilitiesProvide vulnerability management and secure configuration baseline management oversight and governance for Infosys VM/SCM programs. Adjudicate risk-acceptance ("exception") requests and false positive requests, review VM metrics, shape and govern based on trends being presented to us by InfosysQualificationsLooking for strong AWS experience...
-
Charlotte, North Carolina, United States Bank of America Full timeJob Description:At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. Responsible Growth is how we run our company and how we deliver for our clients, teammates, communities and shareholders every day.This job is responsible for assessing the bank's technologies, applications, and...
-
Senior Adaptive Threat Replication Engineer
1 month ago
Charlotte, United States Bank of America Full timeDescription : Senior Adaptive Threat Replication Engineer (AKA Red Team, Penetration Testing, Advanced Vulnerability Assessments Engineer) Are you passionate about cyber security and looking to work with some of the best information security professionals in the world and in challenging environments? Bank of America is hiring top talent to join our...
-
Threat Security Control Engineer
2 weeks ago
Charlotte, United States RKube Inc Full timeWe are looking for a W2 candidate who can join our team. only. We are looking for a Threat Security Control Engineer to join our team and be placed with one of our esteemed clients. As a Threat Security Control Engineer, you will be responsible for designing, implementing, and maintaining security controls to protect our client's infrastructure from cyber...
-
Information Security Engineer
5 days ago
Charlotte, United States CrossCountry Mortgage Full timeDescription Position Overview: The Information Security Engineers will play a vital part in protecting the organization’s digital assets and infrastructure from evolving cyber threats.The Information Security Engineers will work as a team to cover every aspect of IT security.In a dynamic environment, this position will troubleshoot and resolve...
-
Cyber Security Engineer
3 weeks ago
Charlotte, United States Teknosys Full timeJob Title: Cyber Security EngineerLocation: Raleigh, NC (Hybrid) Job Description:We are currently seeking a proficient Cyber Security Engineer to join our esteemed team. The successful candidate will play a pivotal role in fortifying our security infrastructure, specializing in identifying single sign-on solutions and enhancing database security protocols....
-
IT Engineer
5 days ago
Charlotte, United States Coca-Cola Bottling Co Full timeRequisition ID: 191343 Posting Locations: Charlotte Click here to view a Day in the Life of our Teammates! Our Secret Ingredient is our Teammates. We offer great rewards , competitive pay , career advancement and growth opportunities . Full Time Teammates are also eligible for: Paid Training Paid Time Off plus paid holidays 401(k) with Company matching on a...
-
Site Reliability Engineer
4 days ago
Charlotte, United States Bank of America Corporation Full timeJob Description At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. Responsible Growth is how we run our company and how we deliver for our clients, teammates, communities and shareholders every day. One of the keys to driving Responsible Growth is being a great place to work for...
-
Security Engineer
4 weeks ago
Charlotte, United States TEKRRA1 Full timeJob DescriptionJob DescriptionRequirements: Engage in security consultation for internal projects to ensure alignment with corporate security policies and standards. Monitor and address vulnerabilities and security incidents. Analyze security logs for potential threats. Contribute to the design, testing, and maintenance of security solutions across various...
-
Lead Information Security Engineer
4 weeks ago
Charlotte, United States TEKRRA1 Full timeJob DescriptionJob DescriptionDatabase Operations (DB OPS) Spearhead computer security incident response initiatives for intricate eventsConduct in-depth technical investigations of security incidents and conduct post-incident digital forensics to pinpoint causes and propose future mitigation strategies Offer security consultancy on major projects for...
-
Project Engineer
1 month ago
Charlotte, North Carolina, United States Babcock and Wilcox Company Full timeJob ID DescriptionA Project Engineer is directly responsible for the technical excellence and the technical coordination of assigned projects and indirectly responsible for project profitability, with these responsibilities crossing multiple engineering disciplines. This individual will guide the engineering process in addition to monitoring all phases of...
-
Project Engineer
1 month ago
Charlotte, United States Babcock and Wilcox Company Full timeJob ID - (24000028) Description A Project Engineer is directly responsible for the technical excellence and the technical coordination of assigned projects and indirectly responsible for project profitability, with these responsibilities crossing multiple engineering disciplines. This individual will guide the engineering process in addition to...
-
Senior Cloud Security Engineer
1 month ago
Charlotte, United States Liberty Personnel Services, Inc. Full timeA full time, direct hire position is open due to growth. Qualified candidates will have similar experience to the following: AWS Professional experience in Cloud Architecture and/or Engineering Expert knowledge of SDLC Expert in building and deploying a CI/CD pipeline Experience in DevOps/DevSecOps/GitOps Technical knowledge on Automation, configuration and...
-
Electrical Engineer
4 days ago
Charlotte, United States Civil and Environmental Consultants Full timeElectrical Engineer Job Locations US-NC-Charlotte Category Electrical Engineering Type Full-Time Overview Our growing Manufacturing Infrastructure Services (MIS) team is actively interviewing for current and upcoming projects. Our Electrical Engineer role provides you the opportunity to design the latest state-of-the-art facilities in a wide variety of...
-
Email Security Engineer
2 months ago
Charlotte, United States Motion Recruitment Full timeWe are working with a company that is leading in the field of online education and e-learning solutions. It offers a comprehensive range of services and products designed to enhance learning experiences for individuals, educational institutions, and corporate organizations. As an e-learning company, they specialize in creating and delivering digital learning...
-
Email Security Engineer
2 weeks ago
Charlotte, United States Motion Recruitment Partners LLC Full timeWe are working with a company that is leading in the field of online education and e-learning solutions. It offers a comprehensive range of services and products designed to enhance learning experiences for individuals, educational institutions, and corporate organizations. As an e-learning company, they specialize in creating and delivering digital learning...
-
Electrical Engineer
5 days ago
Charlotte, United States Civil and Environmental Consultants Full timeElectrical EngineerJob Locations US-NC-CharlotteCategory Electrical EngineeringType Full-TimeOverviewOur growing Manufacturing Infrastructure Services (MIS) team is actively interviewing for current and upcoming projects. Our Electrical Engineer role provides you the opportunity to design the latest state-of-the-art facilities in a wide variety of markets...
-
Civil / Site Engineer
6 days ago
Charlotte, United States Hazen and Sawyer Full timeJob DescriptionJob DescriptionWe are seeking a Site/Civil Engineer with a minimum 2 years of experience in the design and regulatory permitting of site plans, drainage studies, stormwater collection systems, Best Management and Low-impact Development practices, and erosion control facilities for construction. The ideal candidate should have successfully...
-
Civil / Site Engineer
4 weeks ago
Charlotte, United States Hazen and Sawyer Full timeJob DescriptionJob DescriptionWe are seeking a Site/Civil Engineer with a minimum 2 years of experience in the design and regulatory permitting of site plans, drainage studies, stormwater collection systems, Best Management and Low-impact Development practices, and erosion control facilities for construction. The ideal candidate should have successfully...
-
Site Development Engineer
22 hours ago
Charlotte, United States Hazen and Sawyer Full timeJob DescriptionJob DescriptionWe are seeking a Site Development Engineer with a minimum 2 years of experience in the design and regulatory permitting of site plans, drainage studies, stormwater collection systems, Best Management and Low-impact Development practices, and erosion control facilities for construction. The ideal candidate should have...