The job below is no longer available.
You might also like
in Johns Creek, GA
$18est. per hour SRS Distribution Inc. • 6h agoJust posted Urgently hiring 7.6 mi Use left and right arrow keys to navigate- $25
est. per hour SRS Distribution Inc. • 6h agoUrgently hiring Use left and right arrow keys to navigate - $18
est. per hour Presidio, Inc. • 6h agoUrgently hiring 18 mi Use left and right arrow keys to navigate - $25
est. per hour Johnson Controls International • 11h agoUrgently hiring 6.6 mi Use left and right arrow keys to navigate - $25
est. per hour Johnson Controls International • 11h agoUrgently hiring 6.6 mi Use left and right arrow keys to navigate
Sr. Penetration Tester
•30 days ago
| Hours | Full-time |
|---|---|
| Location | JOHNS CREEK, GA JOHNS CREEK, Georgia |
About this job
At Macy's, we're moving fastwe're at top speed to become America's premiere omnichannel retailer. Macy's technology hub, Macy's Systems and Technology (MST) strives to set the pace by providing seamless and compelling shopping experiences for our Macy's and Bloomingdale's customers. MST is creating innovative technology solutions to support these experiences and define the future of retailing.
The IT and Information Security Group is looking for team members to work on some of the latest and most advanced security tools and devices, including next generation firewalls, proxy servers, Security Incident and Event Monitoring systems (SIEM), and intrusion detection. The focus of the team is to understand advance cyber threats and build mitigation strategies, monitor active threat landscape, and ensure the enterprise is protected.
Overview:
Macy's Systems & Technology is seeking a senior level specialist in penetration testing for the Information Security Vulnerability Management area. This is a hands-on role involving penetration testing and vulnerability assessment activities of complex applications, operating systems, wired and wireless networks. The Sr. Penetration Tester will perform the daily operations of the team including vulnerability identification, risk assessments, vulnerability remediation, and validation testing.
The selected candidate should have experience and understanding of multiple security platforms and layers including automated and manual testing tools, Firewalls, Proxy servers, Intrusion Prevention Systems, Logging Correlation/management, Operating systems, Protocols and Risk Assessments.
Key Accountabilities:
The Senior Penetration Tester makes decisions based on operational status and project requirements and will make recommendations to management based on actions taken, current status and potential exposure and/or risks. The Specialist will continue to be engaged with management to provide updates and status to help clarify any decision that is needed to be made about a current security risk exposure or operational stability. Will also be responsible for performing operating system, 3rd party application and internally developed application penetration testing and vulnerability assessments.
Other responsibilities will include:
Performing external and internal wired and wireless network penetration testing.
Collaborates with other technical leads (Network, Server, and Application), field services technicians, project managers and data center operations and technical subject matter specialists to integrate security controls into a cohesive architecture that sufficiently mitigates risk to the company. Specialist must have critical thinking skills.
Mentors and coaches other Security Analysts to provide guidance and expertise in their growth.
Consistently demonstrates regular, dependable attendance & punctuality.
Other Duties as Assigned.
Skills Summary:
Minimum of 5 years' experience in IT or Information Security.
Experience with vulnerability assessment and penetration testing tools (such as nmap, Nessus, Qualys, eEye Retina, Metasploit, OpenVAS, OpenSSL, CoreImpact, WebInspect, etc.) and manual testing.
Knowledge or skill to be able to provide remediation guidance for vulnerabilities found from either manual testing or from the tools previously mentioned.
Able to create risk remediation reports.
Ability to understand, analyze and correlate technical vulnerabilities and implement counter-measures to mitigate them.
Maintaining metrics in addition to leading and analyzing security reporting.
Understanding of risk assessment methodologies and assist with coordinating discussions with other teams.
Strong knowledge of TCP/IP, HTTP, FTP, cookies, authentication, vulnerability scanning, web servers, SSL/encryption and reporting packages.
Identify common network and web site attacks such as SQL injection, cross site scripting, remote file inclusion and cookie manipulation.
Understanding of web applications authentication, session management, form submission, etc.
An understanding of a wide array of server grade applications to include DNS, SMTP, IIS, Apache, LDAP, SQL, etc.
Remediation experience with patching and/or mitigation for findings for all of the aforementioned testing/assessments
Risk assessment experience with computer systems and applications.
Best practice and architecture experience with computer systems and applications.
Expert level skills in manual methodologies and tools to perform the previous tasks.
Have an understanding and working knowledge of regulatory and audit mandates to ensure environments meet PCI, FFIEC, SOX and corporate standards.
One or more Certifications such as: CISSP, OSCP, OSCE, OSWE, GWAPT OSWP, OSCE, GSEC, GISP, GPPA, GCUX, GCWN, GCED, GPEN, GSNA, GAWN, GXPN, or GSE
Excellent written and verbal communication skills.
Ability to explain technical concepts to technical or non-technical personnel.
Ability to read, write and interpret business and technical documents.
Basic math functions, critical thinking and analytical skills.
Must be able to work independently with minimal supervision.
This position involves regular ambulating, sitting, hearing, and talking. May occasionally involve stooping, kneeling, or crouching. May involve close vision, color vision, depth perception, and focus adjustment. Involves use of hands and fingers for typing on keyboard and using a mouse. May be a need to move or lift items under 10 pounds.
Knowledge or skill to be able to provide remediation guidance for vulnerabilities found from either manual testing or from the tools previously mentioned.
Able to create risk remediation reports.
Ability to understand, analyze and correlate technical vulnerabilities and implement counter-measures to mitigate them.
Maintaining metrics in addition to leading and analyzing security reporting.
Understanding of risk assessment methodologies and assist with coordinating discussions with other teams.
Understanding of web applications authentication, session management, form submission Processes, etc.
Ability to work a flexible schedule based on department and company needs.
Bachelor's Degree preferred with 5-7 years of experience or an equivalent combination of education and experience.
Macy's Systems & Technology (MST) is the information technology division of Macy's Inc. Macy's Inc. is the nation's largest operator of department stores with over 800 department store locations in 46 states. In addition, we operate major catalog and internet operations for Bloomingdale's and Macy's. Macy's Systems & Technology is headquartered in Johns Creek, a suburban setting northeast of Atlanta, Georgia.
Our headquarters in Johns Creek, GAin suburban Atlantaoffers outstanding neighborhoods and top ranked schools, and is part of a thriving business and technology sector found in Atlanta's North Fulton County.
We offer competitive salaries, comprehensive benefits, employee fitness center and a merchandise discount.
Macy's is an equal opportunity employer, committed to a diverse and inclusive work environment.
The IT and Information Security Group is looking for team members to work on some of the latest and most advanced security tools and devices, including next generation firewalls, proxy servers, Security Incident and Event Monitoring systems (SIEM), and intrusion detection. The focus of the team is to understand advance cyber threats and build mitigation strategies, monitor active threat landscape, and ensure the enterprise is protected.
Overview:
Macy's Systems & Technology is seeking a senior level specialist in penetration testing for the Information Security Vulnerability Management area. This is a hands-on role involving penetration testing and vulnerability assessment activities of complex applications, operating systems, wired and wireless networks. The Sr. Penetration Tester will perform the daily operations of the team including vulnerability identification, risk assessments, vulnerability remediation, and validation testing.
The selected candidate should have experience and understanding of multiple security platforms and layers including automated and manual testing tools, Firewalls, Proxy servers, Intrusion Prevention Systems, Logging Correlation/management, Operating systems, Protocols and Risk Assessments.
Key Accountabilities:
The Senior Penetration Tester makes decisions based on operational status and project requirements and will make recommendations to management based on actions taken, current status and potential exposure and/or risks. The Specialist will continue to be engaged with management to provide updates and status to help clarify any decision that is needed to be made about a current security risk exposure or operational stability. Will also be responsible for performing operating system, 3rd party application and internally developed application penetration testing and vulnerability assessments.
Other responsibilities will include:
Performing external and internal wired and wireless network penetration testing.
Collaborates with other technical leads (Network, Server, and Application), field services technicians, project managers and data center operations and technical subject matter specialists to integrate security controls into a cohesive architecture that sufficiently mitigates risk to the company. Specialist must have critical thinking skills.
Mentors and coaches other Security Analysts to provide guidance and expertise in their growth.
Consistently demonstrates regular, dependable attendance & punctuality.
Other Duties as Assigned.
Skills Summary:
Minimum of 5 years' experience in IT or Information Security.
Experience with vulnerability assessment and penetration testing tools (such as nmap, Nessus, Qualys, eEye Retina, Metasploit, OpenVAS, OpenSSL, CoreImpact, WebInspect, etc.) and manual testing.
Knowledge or skill to be able to provide remediation guidance for vulnerabilities found from either manual testing or from the tools previously mentioned.
Able to create risk remediation reports.
Ability to understand, analyze and correlate technical vulnerabilities and implement counter-measures to mitigate them.
Maintaining metrics in addition to leading and analyzing security reporting.
Understanding of risk assessment methodologies and assist with coordinating discussions with other teams.
Strong knowledge of TCP/IP, HTTP, FTP, cookies, authentication, vulnerability scanning, web servers, SSL/encryption and reporting packages.
Identify common network and web site attacks such as SQL injection, cross site scripting, remote file inclusion and cookie manipulation.
Understanding of web applications authentication, session management, form submission, etc.
An understanding of a wide array of server grade applications to include DNS, SMTP, IIS, Apache, LDAP, SQL, etc.
Remediation experience with patching and/or mitigation for findings for all of the aforementioned testing/assessments
Risk assessment experience with computer systems and applications.
Best practice and architecture experience with computer systems and applications.
Expert level skills in manual methodologies and tools to perform the previous tasks.
Have an understanding and working knowledge of regulatory and audit mandates to ensure environments meet PCI, FFIEC, SOX and corporate standards.
One or more Certifications such as: CISSP, OSCP, OSCE, OSWE, GWAPT OSWP, OSCE, GSEC, GISP, GPPA, GCUX, GCWN, GCED, GPEN, GSNA, GAWN, GXPN, or GSE
Excellent written and verbal communication skills.
Ability to explain technical concepts to technical or non-technical personnel.
Ability to read, write and interpret business and technical documents.
Basic math functions, critical thinking and analytical skills.
Must be able to work independently with minimal supervision.
This position involves regular ambulating, sitting, hearing, and talking. May occasionally involve stooping, kneeling, or crouching. May involve close vision, color vision, depth perception, and focus adjustment. Involves use of hands and fingers for typing on keyboard and using a mouse. May be a need to move or lift items under 10 pounds.
Knowledge or skill to be able to provide remediation guidance for vulnerabilities found from either manual testing or from the tools previously mentioned.
Able to create risk remediation reports.
Ability to understand, analyze and correlate technical vulnerabilities and implement counter-measures to mitigate them.
Maintaining metrics in addition to leading and analyzing security reporting.
Understanding of risk assessment methodologies and assist with coordinating discussions with other teams.
Understanding of web applications authentication, session management, form submission Processes, etc.
Ability to work a flexible schedule based on department and company needs.
Bachelor's Degree preferred with 5-7 years of experience or an equivalent combination of education and experience.
Macy's Systems & Technology (MST) is the information technology division of Macy's Inc. Macy's Inc. is the nation's largest operator of department stores with over 800 department store locations in 46 states. In addition, we operate major catalog and internet operations for Bloomingdale's and Macy's. Macy's Systems & Technology is headquartered in Johns Creek, a suburban setting northeast of Atlanta, Georgia.
Our headquarters in Johns Creek, GAin suburban Atlantaoffers outstanding neighborhoods and top ranked schools, and is part of a thriving business and technology sector found in Atlanta's North Fulton County.
We offer competitive salaries, comprehensive benefits, employee fitness center and a merchandise discount.
Macy's is an equal opportunity employer, committed to a diverse and inclusive work environment.
Your Privacy Choices