Threat Associate (Information Security Associate)

Tevora Business Solutions Irvine , CA 92614

Posted 3 weeks ago

Tevora is looking for a talented and up-and-coming professional to join our Penetration Testing team. The right candidate will have technical proficiency, experience in Penetration Testing and source code analysis or related fields, and a passion for information security. In this position you will analyze and attack our clients API and Web applications to ensure they are secured against the latest threats.

This is a growth-oriented role within Tevoras consulting team and you will be expected to provide thought leadership to the overall practice through meaningful client work, security community involvement, as well as continuing education.

About Tevora

Tevora is a leader in Information Security Consulting with a focus on information assurance, governance and compliance services and solutions. We work with some of the world's leading companies, institutions and governments to ensure the safety of their information and their compliance with applicable regulations.

Key Responsibilities

  • Actively participate in application penetration testing, including fuzzing, application logic testing, and source code analysis (to aid dynamic testing).
  • Produce high quality penetration testing reports for client executives and technical personnel
  • Identify and implement improvements to testing processes and methodologies
  • Participate in training and generate new material on application security topics.
  • Perform research and tool development to support and advance Tevoras practice.

Requirements

  • Ability to learn and willingness to be challenged.
  • Proficiency with Burp Suite and/or ZAP.
  • Experience with the theory and usage of penetration testing frameworks such as OWASP Testing Guide v4, Web App Hackers Handbook NIST or PTES
  • Proficiency with C++, C, C#, Go, Python, Java, Kotlin, Objective C, Swift, and JavaScript preferred
  • Knowledge and understanding of security engineering basics including but not limited to system and network security, authentication and security protocols, cryptography, mobile and web application security
  • Experience using various penetration testing and analysis tools (such as IDA, Ghidra, Drozer, Frida, Cycript, NMAP, Nessus, Cobalt Strike, Burp Suite, ZAP, Metasploit, etc.) on Windows, Linux, iOS, and Android
  • Knowledge of scripting languages (such as, Python, Ruby, Perl, Bash, VB/WScript, PowerShell, etc.)
  • Experience with web frameworks and source code review
  • Hardware hacking experience preferred (JTAG, NAND dumping, finding your way around a board with a multimeter)

Abilities

  • Excellent written and verbal communication, multi-tasking, time management, and analytical abilities
  • Dynamic, enthusiastic attitude with the ability to make concrete progress in the face of ambiguity and incomplete knowledge with a strong sense of ownership, urgency, and drive.

Education and Experience

  • Minimum of 1-2 years of experience with penetration testing and/or code review work. Hobbyist time counts.
  • Industry certifications (e.g. OSCP, OSCE, GWAPT, GPEN, GXPN, OSWE, or other) or Bachelors Degree in related field

Other Qualifications

  • Valid Drivers License as driving will be required in this role
  • Valid US Passport as travel will be required internationally and domestically (up to 40%)
  • Eligible to work in the United States

Tevora is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.

Benefits

Comprehensive Health, Vision, and Dental Insurance

Paid Vacation

Bonus Elligible

401k Match

Commuter Benefits and Pet Insurance available where applicable

icon no score

See how you match
to the job

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon
lc_ad

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Information Security Systems Engineer

Loan Depot

Posted 6 days ago

VIEW JOBS 10/14/2020 12:00:00 AM 2021-01-12T00:00 We are at the forefront of change in this rapidly evolving lending market. mello™, the Greek word for "future," was the product of a recent $80+ million dollar investment in research & development to transform & streamline the home buying process into a digital experience like no other competitor offers. But mello™ is just the beginning… loanDepot will continue to invest in developing our own advanced technology ecosystem built around serving our customers & enabling our valued employees to provide exceptional service. We have funding, we have opportunities, you have ideas-it's a perfect match. Come join us! loanDepot - We are America's Lender. Position Summary: loanDepot is actively looking for an experienced Information Security Systems Engineer to join our Cyber Security Practice. The Information Security Systems Engineer is responsible for guiding the implementation and monitoring of enterprise wide threat and vulnerability management solutions for loanDepot Enterprise systems. The Information Security Systems Engineer strives to enforce security best practices, policies, standards and guidance to ensure the safeguard of loanDepot's proprietary data, infrastructure and resources from internal and external threats. The Information Security Systems Engineer is required to maintain a comprehensive understanding of services provided by loanDepot and develop relationships throughout the organization to assist Information Security in accomplishing its goals for the company. Responsibilities: * Schedule and maintain security operations management of operating systems, security applications and network infrastructure components. Provide security configurations, controls for monitoring and centralized logging for network and server devices. * Coordinate resources for auditing of applications, operating systems and networks to provide a measurable technical assessment that includes, performing security vulnerability scans, reviewing access controls and analysis to ensure availability, confidentiality and integrity to help the organization meet internal and external regulatory compliance. * Have the ability to formulate and interpret penetration test information results for the enterprise. Manage vulnerability detection, analysis and exploitation remediation to ensure confidentiality, integrity and availability of mission critical information assets. * Mentor junior engineers and analysts in security knowledge and experience in technologies and methodologies as it relates to Security Information and Event Management (SIEM) devices, firewalls, proxies, access controls, encryption, networking, scripting, auditing, vulnerability assessments, intrusion management and operations. Additionally to assist with effective research, data gathering, analysis, metrics reporting and communications. * Provide guidance using specialized knowledge and toolsets to operational teams during enterprise wide crisis scenarios outside of the routine change management process or production scope. * Have experience with enforcement of information security policies and procedures. Familiarity with information security standards such as NIST, ISO, COBIT, and associated security controls. * Must be self-directed with the ability to work independently to meet deadlines and produce quality work in a time-sensitive, fast-paced environment. Requirements: * Comprehensive understanding of Security Methodologies. * Experience with reverse engineering of malware. * Advanced experience with TCPIP/UDP/ICMP. * Comprehensive knowledge of the OSI Reference Model. * Windows / Linux / Unix operating systems. * Advanced experience with networking components (routers, switches, load balancers, wireless access points, etc.) * Comprehensive knowledge of firewalls, proxies, mail servers and web servers. * Advanced experience with operational support for operating systems, applications and networks. * Comprehensive knowledge of client/server relationships. * Comprehensive knowledge of relational databases and structured query language. * Advanced experience with vulnerability assessments. * Advanced experience with intrusion management and its components. * Comprehensive understanding of encryption algorithms and ciphers. (PKI/SSL) * Comprehensive knowledge of malicious code. (worms, viruses, spyware, etc.) * Comprehensive experience with Virtual Private Networking. * Comprehensive knowledge of multi-tier environments. * Advanced experience with packet inspection / sniffers. * Advanced experience in forensics and e-discovery. * Advanced experience in automation and scripting of applications and systems. * Advanced experience in anomaly detection. (signature / behavioral) * Advanced experience with event and log correlation. * Effective team management, time management, and organizational skills. * Effective written and verbal communication skills. * Effective analytical and problem solving skills. * Proficient in Microsoft Office Suite products. * Scripting / code development experience is preferred, but not required. * Bachelor's Degree in Information Technology, Mathematics, Business, Engineering or related fields with 5-7 years of professional experience. Preferred Certifications: * CISSP * GIAC * CRISC * CEH The Perks: * Competitive compensation reliant on ability & experience. * Excellent benefits package including multiple health, dental & vision options. * Company paid life and AD&D Insurance, as well as additional voluntary benefit possibilities. * 401K with robust company match. * 15+ PTO days in addition to 8 paid company holidays. * The opportunity to work for America's Lender under the vision of industry legend, Anthony Hsieh. We are an equal opportunity employer and value diversity in our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. Loan Depot Irvine CA

Threat Associate (Information Security Associate)

Tevora Business Solutions