Cyber Vulnerability Analyst & Penetration Tester III - US

Designs, develops, implements and troubleshoots various information system (IS) and cyber security software. Develops, tests and validates solutions to remediate exploitable conditions on devices such as web servers, mail servers, routers, firewalls and intrusion detection systems. Evaluates, codes and implements software fixes (patches) to address system vulnerabilities such as malicious code (e.g., viruses), system exploitation using SQL injection, cross-site scripting, buffer overflows, parameter tampering, hidden field manipulation, cookie poisoning and web services manipulation. Conducts security assessments of systems and applications using penetration tests, ethical hacking tools and risk assessment/mediation methodologies to evaluate vulnerabilities.**Python Development Experience** OSCE Certifications** 10+ Years Experience

Knowledge

• Requires in-depth conceptual and practical knowledge in own job discipline and basic knowledge of related job disciplines
• Solves complex problems
• Works independently, receives minimal guidance
• May lead projects or project steps within a broader project or may have accountability for on-going activities or objectives
• Acts as a resource for colleagues with less experience
• Level at which career may stabilize for many years or until retirement
• Strong knowledge of most security concepts, and how they apply to various technologies.
• Strong foundational, or expert-level knowledge, in 2 of the following: System administration, networking, cloud platforms, programming, incident response and threat analysis.
• Serves as technical escalation point for system owner issues, and configuring new, complex systems for automated assessments.
• Interprets and prioritizes vulnerability scan results into remediation actions, and is able to follow through with tracking actions through to completion.
• Performs and recommends tools for performing vulnerability assessments on servers, workstations, web applications, containers, and other components.
• Familiar with vulnerabilities, remediation, and industry-standard classification schemes (CVE and CVSS) and how to prioritize this information for any given system.
• Performs assessments on web applications for common vulnerabilities (OWASP Top 10)
• Regularly performs penetration tests, using basic and intermediate testing using common TTPs across many technologies at an enterprise-level scale.
• Performs vulnerability assessments of systems, devices, and interfaces independently with high severity findings.
• Summarizes and prioritizes findings into reports with standard templates to present to stakeholders. Improves reporting as needed.
• Performs red team mission testing mechanisms, executing the missions from formulation to lessons learned.
• Good understanding of writing automation using common programming or scripting languages such as Python, Bash, PowerShell, or JavaScript to support data collection, organization, and analysis and vulnerability assessments.
• Experience with version control systems such as Git and interacting with REST APIs.
• Familiar with vulnerabilities, remediation, and industry-standard prioritization and classification schemes (CVE, CVSS, vendor criticality and risk scores) and the limitations of each.
• Understands vulnerability criticality and exploitation impact between various kinds of vulnerabilities across various related systems.
• Foundational understanding of the major compliance regulations, such as PCI, HIPAA, HITRUST, or FedRAMP, with a good understanding of some of the controls surrounding vulnerability management

Responsibilities

• Other Incidental tasks related to the job, as necessary.
• Serves as technical escalation point for system owner issues, and configuring new, complex systems for automated assessments.
• Interprets and prioritizes vulnerability scan results into remediation actions, and is able to follow through with tracking actions through to completion.
• Performs and recommends tools for performing vulnerability assessments on servers, workstations, web applications, containers, and other components.
• Familiar with vulnerabilities, remediation, and industry-standard classification schemes (CVE and CVSS) and how to prioritize this information for any given system.
• Performs assessments on web applications for common vulnerabilities (OWASP Top 10)
• Regularly performs penetration tests, using basic and intermediate testing using common TTPs across many technologies at an enterprise-level scale.
• Performs vulnerability assessments of systems, devices, and interfaces independently with high severity findings.
• Summarizes and prioritizes findings into reports with standard templates to present to stakeholders. Improves reporting as needed.
• Performs red team mission testing mechanisms, executing the missions from formulation to lessons learned.
• Good understanding of writing automation using common programming or scripting languages such as Python, Bash, PowerShell, or JavaScript to support data collection, organization, and analysis and vulnerability assessments.
• Experience with version control systems such as Git and interacting with REST APIs.
• Familiar with vulnerabilities, remediation, and industry-standard prioritization and classification schemes (CVE, CVSS, vendor criticality and risk scores) and the limitations of each.
• Understands vulnerability criticality and exploitation impact between various kinds of vulnerabilities across various related systems.

The following information is required by the Colorado Equal Pay Transparency Act, New York City Pay Transparency Act, Washington Pay Transparceny Act and California Pay Transparency Act. This applies only to individuals working in the state of Colorado, Washington, California and New York City. The anticipated starting pay range of Colorado, California, Washington and New York City applicants for this role is $111,118-$1349,100 for CO and $122,500 – $163,100 for NYC, WA and CA. Unless already included in the posted pay range and based on eligibility, the role may include variable compensation in the form of bonus, commissions, or other discretionary payments. These discretionary payments are based on company and/or individual performance and may change at any time. Actual compensation is influenced by a wide array of factors including but not limited to skill set, level of experience, licenses and certifications, and specific work location. Information on benefits offered is here.#LI-STORM#LI-DNIAbout Rackspace TechnologyWe are the multicloud solutions experts. We combine our expertise with the world’s leading technologies — across applications, data and security — to deliver end-to-end solutions. We have a proven record of advising customers based on their business challenges, designing solutions that scale, building and managing those solutions, and optimizing returns into the future. Named a best place to work, year after year according to Fortune, Forbes and Glassdoor, we attract and develop world-class talent. Join us on our mission to embrace technology, empower customers and deliver the future.  More on Rackspace TechnologyThough we’re all different, Rackers thrive through our connection to a central goal: to be a valued member of a winning team on an inspiring mission. We bring our whole selves to work every day. And we embrace the notion that unique perspectives fuel innovation and enable us to best serve our customers and communities around the globe. We welcome you to apply today and want you to know that we are committed to offering equal employment opportunity without regard to age, color, disability, gender reassignment or identity or expression, genetic information, marital or civil partner status, pregnancy or maternity status, military or veteran status, nationality, ethnic or national origin, race, religion or belief, sexual orientation, or any legally protected characteristic. If you have a disability or special need that requires accommodation, please let us know.