CSW Discovers its 50th Zero Day!

VMaaS Engineer Associate

Education : Undergraduate degree in Information Security, Computer Science, Computer Engineering, related fields, or equivalent experience

Experience : Recent College Graduate

Location : New Mexico

No of Positions : 4

What you will do:

  • Perform operational support of vulnerability management systems and applications that the CVAS team is responsible for maintaining; define documented procedures and processes
  • Coordinate and lead routine vulnerability scanning and remediation oversight on client's systems as required for compliance of Payment Card Industry Data Security Standard (PCI DSS), Cybersecurity Maturity Model Certification (CMMC), and other industry compliance standards as necessary.
  • Help with strategic security initiatives to improve vulnerability management and vulnerability scanning capabilities through automation development, processes enhancements, and infrastructure expansion
  • Help Identify deficiencies within vulnerability management and vulnerability scanning tools, procedures, and processes and provide recommendations for improvement and automation
  • Create reports and generate vulnerability metrics for executive management levels to utilize in making informed business decisions that impact the security of CSW's customers.
  • Perform active cyber defense activities, such as threat hunting by proactively and iteratively searching through networks to detect and isolate advanced threats, evading existing security solutions and zero-day vulnerabilities specific to the CSW client's infrastructure.
  • Contribute to developing, facilitating, and maintaining the Information Security Policy, Methods, Procedures, Technical Standards, Technical Best Practices, and general processes for vulnerability management.

What We Look for in a Candidate

  • Undergraduate degree in Information Security, Computer Science, Computer Engineering, related fields, or equivalent experience
  • Knowledge of current and emerging cybersecurity threats, vulnerabilities, and technologies
  • Awareness of NIST Vulnerability Database about vulnerability severity ratings
  • General understanding of standard networking protocols
  • Good communication skills
  • General understanding of API integration concepts
  • Basic knowledge of programming languages such as Python, C#, GoLang or UNIX Shell, and API programming

What you will learn

  • Network elements/protocols, operating systems, databases, and applications, including systems in scope for a compliance standard.
  • Awareness about OWASP Top 10, SANS Top 20, and NIST Vulnerability Database.
  • Strong problem-solving skills to adapt to new client requirements and provide support.
  • Strong understanding of network architecture and switching/routing implementation related to scanners.
  • Understanding of information security industry and regulatory obligations (PCI, FISMA, HIPAA, ISO 27001/27002, NIST Framework, CMMC) about vulnerability management.

OPT Candidates are encouraged.