Cyber Security Engineer
The Engineer role for Cybersecurity Vulnerability and Threat Management actively protects the availability, confidentiality, and integrity of customer, employee, and business information. This is accomplished through performing three major functions: 1) System/Network Vulnerability Scanning, 2) Application Vulnerability Scanning, and 3) assist the Wyndham penetration testing team in their exercises and testing. The role will, within these functions, identify key vulnerable areas of Wyndham, report on these vulnerabilities, and provide recommendations around remediation. These functions will contribute to measuring Wyndham’s overall risk using intelligence-based tools and prioritization. This position will interact with all levels of technical and business personnel to provide security analysis and recommendations while remaining sensitive to business requirements.
- Daily operations and maintenance of company vulnerability scanning tools and supporting infrastructure
- Support the technical analysis and recommendations for remediation of OS, network, application, and third-party vulnerabilities
- Support regulatory and productivity reporting using detailed data gathering and analysis
- Conduct formal penetration tests for PCI compliance on systems, networks and applications to identify weaknesses and or vulnerabilities using approved standard methodologies
- Understand and operate application security vulnerability scanning tools and report on findings
- Support critical vulnerability management of zero day and active threats
- Assist in metrics development and reporting.
- Devise methods to automate testing activities and streamline testing processes
- Provide oral briefings to leadership and technical staff, as necessary.
- Improve and document operational and troubleshooting procedures
- Assist in red-team activities and table-top exercises
Occasional travel in support of pen-testing engagements may be required. This should not exceed 4-5 domestic or international locations per year.
Minimum Requirements and Qualifications
- B.A. or B.S. from a four-year accredited university
- One to three years of related industry experience
- Experience administrating and maintaining vulnerability management platforms. Specific experience with Rapid 7, Tenable, and Kenna security platforms is desired.
- Solid understanding of security controls assessment techniques and computer networking
- Practical experience with Linux and Windows operating systems
- Understands the fundamentals of web applications including authentication, session management, requests, form submittal, etc.
- Understanding and ability to exploit Cross Site Scripting, SQL injection, and other common vulnerabilities
- Knowledge of Software Development Life Cycle (SDLC), OWASP guidelines, and secure coding practices
- Familiarity with common programming or scripting languages, i.e. bash, PHP, Python, Perl, etc.
- Familiarity automation platforms such as GitLab and Ansible is preferred.