Security Analyst Test Engineer
Guided by its vision of Dynamic Security for the Global Network, SonicWALL® develops advanced intelligent network security and data protection solutions that adapt as organizations evolve and as threats evolve. Trusted by small and large enterprises worldwide, SonicWALL solutions are designed to detect and control applications and protect networks from intrusions and malware attacks through award-winning hardware, software and virtual appliance-based solutions. SonicWALL offers a massively scalable architecture to address the rapid increase in bandwidth speeds and escalating volume, frequency and sophistication of Internet threats. Moreover, SonicWALL drives the cost and complexity out of building and running secure infrastructures, thus enabling greater productivity and IT efficiencies. Visit www.sonicwall.com.
- Bachelors degree, or foreign equivalent, in Computer Science or Engineering or related field
- 5+ years' experience of Professional Web-Application Development or Source Code Review (C/C++, C#, VB.NET, ASP, PHP, and Java)
- 8 or more years of overall experience in the information security field
- 2+ years' Certified Ethical Hacker (CEH) Knowledge Experience
SonicWALL is looking for talented individuals who want to work in cutting edge technology with a dynamic, fast growing company. If you have what it takes to thrive in this fast paced environment and you meet the minimum requirements for this position, please contact us. We'd love to hear from you!
SonicWALL, Inc. is an equal opportunity employer dedicated to affirmative action and workforce diversity. SonicWALL offers great benefits, including paid vacation, 401K, health and dental and a challenging and fun work environment.
Visit our website at www.sonicwall.com for further information regarding our company and its products.
This is a very visible position responsible for all aspects of the SonicWALL Security products. We are looking for a Security Analyst to perform on-going vulnerability assessment and penetration testing of the SonicWALL security products and internal backend network. Serving as a member of the Security Assessment Test Team (SATT) responsible for improving the overall security posture of the enterprise network. The Security Analyst will run periodic scans, identify vulnerabilities, develop test plans for exploiting vulnerabilities in a controlled environment, perform penetration testing, document results, investigate and propose mitigations for identified vulnerabilities, and work with team members as to mitigate the identified vulnerabilities.
The Security Analyst will also serve as an escalation point for addressing any threats identified by the enterprise security tools and processes.
Responsibilities:
- Perform research, analysis, and testing of network, application, physical and procedural vulnerabilities via vulnerability assessment, penetration test and/or social engineering
- Perform vulnerability scanning of SonicWALL products, workstations, servers, and appliances in the backend network
- Perform internal vulnerability assessments and penetration tests prior to external audits
- Clearly outline and portray test findings via well documented reports
- Review IDS and or firewall signature / rule sets and make recommendations for improvement
- Acquire a comprehensive technical understanding of all products in the SonicWALL product line and the underlying hardware/software technologies within the solution stack to enable technical leadership through the analysis stage to resolution of issues
- Work with other team members to respond to any alerts and/or threats identified by the security tools and processes.
- Identify, research, and assist in the implementation of any security tools and/or processes to improve the overall security posture
- Maintain up-to-date detailed knowledge of the IT security threats and plan, prioritize, and implement, mitigation controls as necessary
- Review logs and reports of all in-place devices, whether they be under direct control (i.e., security tools) or not (i.e., workstations, servers, network devices, etc.). Interpret the implications of that activity and devise plans for appropriate resolution.
- Participate in investigations into problematic activity.
- Experience or familiarity with securing Microsoft SQL databases and IIS web services
- Working technical knowledge of vulnerability scanning and remediation, traffic monitoring, and log analysis
- Provide on-call support if necessary for all in-place security solutions
- Perform other duties as assigned
Required Qualifications:
- Pen Tester, Penetration Tester, Mu Dynamics, BreakingPoint, IXIA (IX-Attack), vulnerabilities, GPEN, Nmap, Nessus, metasploit, Securityforest Exploitation framework, CORE IMPACT, testing, security
- Knowledge of web architecture and protocols (HTTP(S), TCP/IP, ARP, SMTP, DNS, etc.)
- Must understand how data flows through an application and connected components (SMTP, LDAP, Database servers) and common software security issues and remediation techniques
- Proven analytical skills and technical competence, ideally in a manager or team lead
- Microsoft Certified Systems Administrator: Security
- Strong people manager and motivator, with strong team coaching and people development skills
- Ability to present ideas in business-friendly and user-friendly language.
- Highly self-motivated and directed.
- Keen attention to detail.
- Team-oriented and skilled in working within a collaborative environment.
- Demonstrable presentation skills
- Strong communicator
- Self-starter, motivated and positive
- Strong hands on leader
Open all references in tabs: [1 - 3]