SECURITY ANALYST - PENETRATION TESTER I

SECURITY ANALYST - PENETRATION TESTER I

Vacancy expired!

NIC Inc. is seeking a highly competent individual to join the Corporate Security Team at the NIC headquarters in Olathe, KS. This position will provide support for Corporate Security activities with a focus on evaluation of infrastructure and applications through penetration testing.

NIC is the leading provider of outsourced eGovernment services. We build and manage official government Web sites and eGovernment services for 30 states and hundreds of local governments in the United States. NIC designs, manages, and markets eGovernment services on behalf of state and local governments. We partner with government leaders and establish local offices to provide customized solutions for each government we serve. Our electronic government solutions use technology to increase efficiency and reduce costs for governments and their constituents.

SUMMARY:

As a part of a team, assist with the assessments of application environments to identify vulnerabilities using a combination of manual and automated tools. Assist with the tracking of identified risks through the development lifecycle to remediation. Work with technical teams to understand the impact of vulnerabilities and the need for secure coding practices.

KEY RESPONSIBILITIES:

• Assists application security team in performing penetration tests on networks, systems and applications using a combination of automated and manual tools following a defined process.
• Perform application vulnerability scans on applications using automated tools following a defined process with assistance as needed.
• Perform source code vulnerability scans on applications using automated tools following a defined process with assistance as needed.
• Tests, implements, and maintains moderately complex security systems including hardware, software, data bases, networks, and/or telecommunication with assistance as needed.
• Evaluates the threat, risk and impact of potential vulnerabilities following a defined process with assistance as needed.
• Assists the application security team with updating information on identified issues and training end-users in the use of tracking tools used for tracking remediation of identified issues.

EXPERIENCE/EDUCATION:

• Bachelor's degree in the field of Information Systems, Computer Science, Computer Engineering, Engineering or Physical Science with a minimum of 24 semester hours of computer-related courses, or equivalent work experience.
• Two years of related job experience in Information Systems security.
• Basic understanding of application security acquired through direct experience or the equivalent.
• Basic understanding UNIX (Linux, Solaris, etc) and Microsoft Windows skills.
• Basic understanding of common software applications including spreadsheets and word processing, strong verbal, written skills.
• A basic understanding of the following security concepts:
  
  
  
  • Application Vulnerability Assessments
  • Common Application Weaknesses
  • Operation Systems Weaknesses
  • Penetration Testing Methodologies
  • Perimeter Security (firewalls, intrusion detection, etc.)
  • Regulatory compliance: PCI-DSS, SOX, HIPAA
  • Secure Development Concepts
• Basic understanding of application development in at least one primary language – examples include C, C, C#, Python, Java, J2EE.

Benefits:

• Competitive compensation program
• No-cost group medical/dental insurance
• Stock purchase plan
• Matching 401(k) contributions with 100% vesting
• Disability insurance
• Life insurance
• Company wellness program
• Casual and fun office environment
• Paid State holidays/vacation
• Tuition reimbursement