Lead Security Consultant
Infinite Computer Solutions · Campus, IL · 1 mo ago
Information TechnologyFull-time
Vulnerability Management
- Triage and manage vulnerabilities identified through scanning and manual efforts.
Security Architectures
- Develop and promote security architectures to protect microservices, serverless, containers, application development and operations practices.
Threat Modeling
- Utilize threat modeling concepts and frameworks such as MITRE ATT&CK, STRIDE, etc.
Compliance and Standards
- Ensure compliance to information security practices & standards to reduce the likelihood of breaches, audit findings, regulatory, and legal liabilities.
Metrics and KPIs
- Define and own metrics and key performance indicators to determine the effectiveness of the Security Automation program.
Complex Vulnerabilities
- Identify complex security vulnerabilities and exploit them before an external attacker can exploit them.
SAST and DAST Tools
- Leverage SAST and DAST tools such BurpSuite, Tenable etc. to perform Penetration testing on Trilliant platforms including Prime Analytics and Prime Read.
Penetration Testing
- Test Trilliant platforms against OWASP top 10 and other similar frameworks to identify vulnerabilities and Threats.
Data Gathering and Processing
- Leverage APIs for off-the-shelf and common security and IT tools to gather data for analytics.
- Ingest data from different sources, such as Tenable API, SonarQube API, threat models etc. to build data processing system for reporting & analytics.
Reporting and Analytics
- Present dashboards and ad hoc analyses to key stakeholders in order to increase adoption and understanding of key performance indicators (KPIs) and business drivers.
Vulnerability and Penetration Testing
- Execute security test activities such as SAST, DAST, SCA etc. on Trilliant Solutions and provide threat summary to stakeholders.
- Perform and deliver recurring security audits report on Trilliant solutions including 12x, uHES and Prime Analytics.
- Perform and Deliver VAPT regression reports on Trilliant solutions including Prime Analytics and work with program teams to mitigate and retest the identified risks.
- Deliver data driven security dashboard to reflect security posture of the solutions.
- Perform vulnerability and penetration tests of Trilliant systems, services, cloud infrastructure or applications to discover vulnerabilities.
- Document and publish high risk vulnerabilities and security posture of Trilliant Solutions.
Automation
- Contribute to requirements analysis, design, development, and adoption of security automation.
- Identify test cases ideal for automation and provide effective inputs into automation requirement.
- Leverage automation to scale penetration testing capabilities across Trilliant solutions (as applicable).