CAREERS AT REDHAWK NETWORK SECURITY
If you are looking to be challenged and to grow professionally, and you want to be valued and recognized for your contributions, Redhawk is looking for you.
Founded in 2000, Redhawk has over 15 years of experience providing leading-edge cyber security services and is devoted to the highest standards of service and security. Redhawk recognizes our team members are our primary asset, and we have built a compensation and benefits package designed to help our employees thrive both personally and professionally. We encourage every client to take ownership of the confidentiality, integrity, and availability of their valued information and operational security.
The Security Consultant at Redhawk will work closely with our clients to Assess, Evolve, Build, and Test their IT security program. You will identify weaknesses and vulnerabilities in relation to industry best practices and will provide support to the application of security frameworks such as, but not limited to: PCI DSS, HIPAA, and NIST 800-53.
Technical network and web-application penetration testing experience is REQUIRED.
ESSENTIAL DUTIES AND RESPONSIBILITIES
Lead Customer engagements providing information security consultation and assessment services for the following types of engagements:
Technical penetration testing on information systems.
IT audits and assessments.
Social engineering penetration testing.
Review, interpret and prioritize information system vulnerabilities.
Evaluate controls based on regulatory guidance and best practices.
Provide clear, organized findings and recommendations to clients and track progress towards resolution and compliance.
Produce detailed, high-quality reports for clients.
Deliver and explain reports to executive management.
Share your expertise with clients and colleagues to aid in decisions on topics like strategy and scope as well as deep and highly technical projects like web application architecture and security.
Work independently and undertake information security engagements, including work co-ordination and project management (client interaction, deliverables, work plans, escalations, etc.).
Track and log all billable and non-billable hours in Redhawk’s portal in a timely manner.
Provide regular status reports on all projects assigned.
Client Engagement (20%)
Scope and price customer engagements providing information security consultation and assessment services, helping our clients meet their compliance obligations by evaluating their business, technology and operations against security standards such as PCI DSS, HIPAA, and NIST 800-171.
Build professional and meaningful relationships while managing customer expectations and deliverables.
Grow the business by identifying up-sells with existing clients.
Continuous Improvement (10%)
Research and train on current and future penetration testing techniques and certifications.
Research, document, and maintain knowledge for current and future security frameworks and standards including but not limited to PCI-DSS, HIPAA, and NIST 800-53 as assigned.
Regular review of individual progress plan with supervisor.
Maintain a positive work atmosphere by acting and communicating in a manner so that the employee gets along with clients, vendors, co-workers, and management. Employees must maintain a positive public image when representing the company in public engagements.
This job has no direct reporting responsibilities but does include leadership and mentoring responsibilities.
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
EDUCATION and/or EXPERIENCE
Qualified candidates will have the following:
Bachelor’s Degree or an additional four years of experience
Penetration Testing Certification(s) CEH, OSCP, GPEN.
Three or more years of experience in an IT security penetration testing, audit, assessment, and/or compliance role.
Must have previous professional experience providing consultative services as either an internal SME or as a third-party consultant.
Strong professional expertise in information security; must have the ability to thoroughly understand complex principles and apply them practically.
Comfortably present security concepts or findings to both highly technical and entirely non-technical audiences.
Strongly prefer candidates with payment card (PCI DSS, PA-DSS, P2PE, PFI), financial (GLBA, SOX, SSAE 16) or health care (HIPAA/HITECH) experience.
Interested in learning more about forensic analysis or incident response.
Must be willing to participate in after-business-hours events and relevant professional organizations like OWASP, InfraGard, and ISACA.
Minimum of one year of experience in EACH of the following security disciplines:
o Application security.
o Information systems security.
o Network security.
o IT security auditing.
o Information security risk assessment or risk management.
Qualified candidate will have the following:
Being a team player and having the capability to expand/adapt your skills in a fast-paced, ever-changing industry.
Learning from our close-knit group as well as contributing your thoughts, tools, industry news or lessons learned.
Ability to manage all phases of the project life cycle.
Capable of managing multiple projects and multiple resources at a time.
Task oriented and able to manage projects to a timely project completion.
Experience working with multiple clients in a consultative environment.
Superior inter-personal and conflict resolution skills.
Successful phone-based relationship building skills and in-person skills.
Manage client or internal stakeholder expectations.
Data and Analytical mind-set.
Troubleshooting skills, with a creative ability to overcome challenges and problem-solve.
Very strong organizational and project management skills.
Strong communication - writing and verbal.
Innovative and proactive.
Strong business acumen.
PREFERRED QUALIFICATIONS, CERTIFICATES, LICENSES & REGISTRATIONS
Must have one (1) or more of the following certifications*:
Penetration Testing Certifications (CEH/OSCP/GPEN)
Certified Information System Security Professional (CISSP)
Certified Information Security Manager (CISM)
Certified Information Systems Auditor (CISA)
GIAC Systems and Network Auditor (GSNA)
Certified ISO 27001, Lead Auditor, Internal Auditor
International Register of Certificated Auditors (IRCA)
Information Security Management System (ISMS) Auditor
Certified Internal Auditor (CIA)
*Other comparable certifications may be accepted.
The above primary duties, responsibilities, and position requirements are not all inclusive. The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Ability to meet the physical demands of this position including:
Willingness and desire to travel – moderate to heavy (50%) travel is required.
Sitting for extended periods of time.
Dexterity of hands and fingers to operate a computer keyboard and mouse.
Individuals who receive job offers will be required to complete pre-employment screening that includes a background check verifying name, residences, education, work experience, and criminal convictions consistent with the Fair Credit Reporting Act.
Redhawk offers a high growth environment with excellent compensation and eligibility for our 401(k), health/dental insurance, and more.
Redhawk Network Security, LLC is committed to hiring and retaining a diverse workforce. We are an Equal Opportunity Employer, making decisions without regard to race, color, religion, sex, national origin, age, veteran status, disability, or any other protected class.
Email your resume to: Careers@redhawksecurity.com