Coalfire Systems Coalfire is an EEO employer. We celebrate diversity and are committed to respecting one another, embracing individual differences, and creating an inclusive environment for all employees. About Coalfire Coalfire is on a mission to make the world a safer place by solving our clients’ toughest cybersecurity challenges. We work at the cutting edge of technology to advise, assess, automate, and ultimately help companies navigate the ever-changing cybersecurity landscape. We are headquartered in Denver, Colorado with offices and remote positions across the U.S. and U.K., and we support clients around the world. But that’s not who we are – that’s just what we do. We are thought leaders, consultants, and cybersecurity experts, but above all else, we are a team of passionate problem-solvers who are hungry to learn, grow, and make a difference. And we’re growing fast. We’re looking for an Consultant to support our Vulnerability Assessment team. Position Summary Coalfire Vulnerability Assessment is composed of highly specialized security testers and advisors with a passion for enhancing system security postures. Our team members actively participate in the information security community and have released toolsets, blog posts, and whitepapers. Our team members have presented at numerous industry conferences, including BlackHat, DefCon, ShmooCon, BlueHat, DerbyCon, 44CON, and numerous BSides, about offensive and defensive operations as well as the tools and capabilities we create and share. Come join an amazing technical security team who makes a difference in the information security industry and consistently pushes the limit of offensive and defensive security capabilities. What You’ll Do Work with some of the leading Cloud Service Providers (CSPs) to validate vulnerability management security posture of their products and services Monitor and maintain enterprise security scanning tools (Nessus, Qualys, Nexpose, Netsparker, Burp, etc.) Provide recommendations on remediating host-based and web application vulnerabilities Conduct manual validation to confirm vulnerability closure Perform analysis to validate justifications for false positives, operational requirements, and risk adjustments Provide recommendations to optimize processes and procedures related to enterprise security scanning tools Serve as subject matter expert for vulnerability management issue resolution Communicate vulnerabilities, solutions, and enterprise trends to all levels of an enterprise – both technical and non-technical resources, all the way up to the CIO Provide periodic reports detailing scan success, remediation efforts, and vulnerability trends What You’ll Bring 2-5 years of vulnerability management experience 2-5 years of cumulative network, application security, GRC, or cybersecurity consulting Experience scanning for and enumerating vulnerabilities in the GCP environment Demonstrated knowledge in the planning, development, coordination, implementation, and execution of a vulnerability management program In-depth knowledge of policies, procedures, development, and implementation of vulnerability identification, scanning, analysis, remediation tactics, and reporting within an organization In-depth knowledge of risk analysis and vulnerability remediation plan development In depth knowledge and experience of industry best practices for vulnerability management Expert level experience in configuring and executing within multiple vulnerability scanning tools Direct experience working with remediation teams and management on vulnerability remediation and security posture improvement Experience working in ticketing tools for remediation activities Familiarity with configuration baseline standards such as CIS Benchmarks or DISA STIGs Experience creating system inventories, boundary diagrams, and/or plans of actions and milestones (POA&M) Bonus Points Familiarity with frameworks such as FedRAMP, FISMA, SOC, ISO, HIPAA, HITRUST, etc. Familiarity with Cloud services such as AWS, Azure Experience supporting vulnerability management across IaaS, PaaS, and/or SaaS Experience recreating web application scanning exploits in support of finding validation Experience reporting to C-suite personnel on security posture Why You’ll Want to Join Us At Coalfire, you’ll find the support you need to thrive personally and professionally. In many cases, we provide a flexible work model that empowers you to choose when and where you’ll work most effectively – whether you’re at home or an office. Regardless of location, you’ll experience a company that prioritizes connection and wellbeing and be part of a team where people care about each other and our communities. You’ll have opportunities to join employee resource groups, participate in in-person and virtual events, and more. And you’ll enjoy competitive perks and benefits to support you and your family, like paid parental leave, flexible time off, certification and training reimbursement, digital mental health and wellbeing support membership, and comprehensive insurance options. At Coalfire, equal opportunity and pay equity is integral to the way we do business. A reasonable estimate of the compensation range for this role is $64,000 to $112,000 based on national salary averages. The actual salary offer to the successful candidate will be based on job-related education, geographic location, training, licensure and certifications and other factors. You may also be eligible to participate in annual incentive, commission, and/or recognition programs. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. #LI-Remote #LI-HJ1 Bonus Points Why you’ll want to join us Please see job description
PI241372029 #J-18808-Ljbffr
ISO standards Consulting nexpose Amazon Web Services (AWS) paas Azure HIPAA SaaS Google Cloud Platform (GCP) iaas FedRAMP qualys nessus soc burp