CFGI is a unique and highly specialized financial consulting firm that is strategically positioned to assist the office of the CFO through a range of routine and complex business scenarios. As an extension of your corporate finance team, CFGI works alongside your internal staff, serving in a variety of roles to deliver seamless support services.
Technical & Domain Experience:
· Experience performing automated and manual hands-on vulnerability testing, identifying security risks within target systems, and developing key recommendations to remediate identified vulnerabilities.
· Thorough understanding of open security testing standards and projects such as OWASP.
· Experience with testing tool set solutions, such as Qualys, Tenable, Rapid7, Metasploit, Burp Suite, Kali Linux, etc.
· Knowledge of core cloud service provider (AWS, Azure, GCP) security practices and experience using security testing tools against resources in these cloud environments.
· Experience with covert computer network exploitation and red team exercises.
· Experience with enterprise secure code analysis solutions such as Veracode, Checkmarx, AppScan Source, etc.
· Core understanding of cryptography and key management concepts.
· Experience with key network security components, including firewalls, intrusion detection systems, anti-virus/anti-malware solutions, authentication systems, logging management systems, content filtering, etc.
· Deep understanding of key web application security vulnerabilities, such as Cross-Site Scripting (XSS) and Server-Side Request Forgery (SSRF).
Process & Project Management Experience:
· Ability to manage and execute security assessments for multiple projects simultaneously and ensure project timelines are met.
· Ability to work with client resources on vulnerability management engagements ranging from vulnerability scanning to remediation consulting.
· Effectively communicate vulnerability findings and remediation strategy to client stakeholders including client leadership and technical security team resources.
· Strong problem-solving and troubleshooting skills.
Soft Skills:
· Ability to prioritize and multitask; flexibility and adaptability in work approach.
· Experience managing a team of consultants.
· Self-motivated, with a high sense of urgency and personal integrity.
· Calmness and clarity of thought under pressure and ability to maintain confidentiality.
· Strong written and verbal communication skills.
· Demonstrated leader with collaborative interpersonal skills.
· Train other staff and external clients, as necessary.
Technical Qualifications / Certifications:
· Bachelor’s or master’s degree in Computer Science, Information Systems, Cybersecurity, or a related field.
· Desired certifications: CISSP, OSCP, CHFI, CEH, GPEN, GWAPT.
· A minimum of three years of professional experience in the cybersecurity industry conducting enterprise infrastructure, web application, network, and system penetration tests or vulnerability scans.