Cybersecurity: Security Testing Analyst


CFGI is a unique and highly specialized financial consulting firm that is strategically positioned to assist the office of the CFO through a range of routine and complex business scenarios. As an extension of your corporate finance team, CFGI works alongside your internal staff, serving in a variety of roles to deliver seamless support services.


Technical & Domain Experience:


·       Experience performing automated and manual hands-on vulnerability testing, identifying security risks within target systems, and developing key recommendations to remediate identified vulnerabilities.

·       Thorough understanding of open security testing standards and projects such as OWASP.

·       Experience with testing tool set solutions, such as Qualys, Tenable, Rapid7, Metasploit, Burp Suite, Kali Linux, etc.

·       Knowledge of core cloud service provider (AWS, Azure, GCP) security practices and experience using security testing tools against resources in these cloud environments.

·       Experience with covert computer network exploitation and red team exercises.

·       Experience with enterprise secure code analysis solutions such as Veracode, Checkmarx, AppScan Source, etc.

·       Core understanding of cryptography and key management concepts.

·       Experience with key network security components, including firewalls, intrusion detection systems, anti-virus/anti-malware solutions, authentication systems, logging management systems, content filtering, etc.

·       Deep understanding of key web application security vulnerabilities, such as Cross-Site Scripting (XSS) and Server-Side Request Forgery (SSRF).


Process & Project Management Experience:


·       Ability to manage and execute security assessments for multiple projects simultaneously and ensure project timelines are met.

·       Ability to work with client resources on vulnerability management engagements ranging from vulnerability scanning to remediation consulting.

·       Effectively communicate vulnerability findings and remediation strategy to client stakeholders including client leadership and technical security team resources.

·       Strong problem-solving and troubleshooting skills.


Soft Skills:


·       Ability to prioritize and multitask; flexibility and adaptability in work approach. 

·       Experience managing a team of consultants.

·       Self-motivated, with a high sense of urgency and personal integrity.

·       Calmness and clarity of thought under pressure and ability to maintain confidentiality.

·       Strong written and verbal communication skills. 

·       Demonstrated leader with collaborative interpersonal skills.

·       Train other staff and external clients, as necessary. 


Technical Qualifications / Certifications:


·       Bachelor’s or master’s degree in Computer Science, Information Systems, Cybersecurity, or a related field.

·       Desired certifications: CISSP, OSCP, CHFI, CEH, GPEN, GWAPT.

·       A minimum of three years of professional experience in the cybersecurity industry conducting enterprise infrastructure, web application, network, and system penetration tests or vulnerability scans.