The Information Technology (IT) Services group is a strategic practice unit within GBQ that serves internal and external GBQ clients at each of our locations. The Security Analyst will participate in security assessment and testing projects, assessment and test analysis, and controls implementation.

Our ideal candidate is an experienced IT professional whose career includes a broad range of hands-on experience working within an enterprise IT environment, with security experience including vulnerability assessments, incident response, digital forensics, and penetration testing.

We serve clients throughout the Midwest, with a majority of our clients located in Ohio or surrounding states. The role focuses on four major initiatives established by the Firm: Profitability; Practice Growth; Client Focus; and Brand Culture/Development.

Tasks:

We are seeking individuals skilled at performing vulnerability scanning and other technical security testing. Responsibilities will be based on background but will typically include:

  • Perform analysis and testing to verify the strengths and weaknesses of Systems and Network Infrastructure utilizing commercial vulnerability scanners (Qualys, Nessus, etc.)
  • Setup and configuration of commercial security vulnerability scanner tools (Qualys, Nessus, etc.)
  • Perform analysis and testing to verify the strengths and weaknesses of Web Applications and Web Services (XML, SOAP, WSDL, UDDI, etc.) utilizing commercial and open source security testing tools
  • Support senior-level penetration testers and application testers based on knowledge, skills, and abilities with penetration and/or application testing
  • Assist with the development of remediation recommendations for identified findings
  • Identify and clearly articulate (written and verbal) findings to senior management and clients. Help identify improvement opportunities for assigned clients

Basic Qualifications:

  • This position is for individuals with 1-5 years of experience in information technology with at least 2 years’ experience within the cybersecurity space in a role that includes vulnerability management and security testing
  • Consulting or professional services backgrounds are preferred. Other candidates may be considered based on experience and skillsets
  • Ability to perform technical scans for infrastructure and cloud vulnerabilities using commercially available tools
  • Ability to analyze and document the results of the scanning
  • Experience with:
    • Vulnerability management and patch management processes and tools
    • Malware and eradication
  • Must be technically proficient in performing their assigned duties with minimal supervision while also working within a team environment
  • Must possess a high degree of integrity and confidentiality, as well as the ability to adhere to both company policies and best practices
  • Strong verbal and written abilities
  • Strong multitasking and time management skills
  • Ability to travel as needed (GBQ is respecting social distancing throughout the pandemic and travel has been and will continue to be limited until the pandemic ends)

Preferred Qualifications:

The GBQ IT Services team conducts technical assessments, configuration reviews, vulnerability assessments, penetration tests and application security tests for clients of all sizes across most form factors.

We recognize that the ideal candidate will likely not meet all of these qualifications. Our preference is to find a candidate who aspires to these kinds of experiences and brings a mix of them in their background that extends beyond the basic qualifications.

  • Bachelor’s degree in computer science or related field from an accredited college/university
  • Perform Internet penetration testing (blackbox/greybox/whitebox testing) and code reviews (manual/automated) of web applications and related infrastructure
  • Perform automated and manual reviews of the underlying code of web applications with regard to common security weaknesses
  • Technical background in web application development, architecture, assessment or related fields
  • Experience with testing and development frameworks such as the Open Web Application Security Project (OWASP), Open Source Security Testing Methodology Manual (OSSTMM), the Penetration Testing Execution Standard (PTES)
  • Operating System Configuration and Security experience (Windows, HP-UX, Linux, Solaris, AIX, etc.)
  • Configuration and Security experience with Web Servers and Web Applications (Apache HTTP/Tomcat, Microsoft IIS, Sun One, Oracle iPlanet, IBM WebSphere, etc.)
  • Database Configuration and Security experience (MySQL, Microsoft SQL, IBM DB2, Sybase, Oracle, etc.)
  • Web Service experience (XML, SOAP, WSDL, UDDI, etc.)
  • Experience with discovering and demonstrating web application vulnerabilities such as Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Injection Flaws, Remote file inclusion (RFI) and SQL Injection
  • Commercial Application Security tools experience (AppScan, WebInspect, Acunetix, etc.)
  • Web Proxy tools experience (Achilles, Webscarab, Burp, Spike, Paros, etc.)
  • One or more of the following technical certifications: Sun Certified Java Developer® (SCJD®); Microsoft Certified Solution Developer® (MCSD®) for .NET; Certified Ethical Hacker (CEH); GIAC Certified Penetration Tester (GPEN); Offensive Security Certified Professional (OSCP); GIAC Web Application Security (GWAS); or equivalent development or testing certification (ECSA, CEPT, CPTE, CPTS, etc.)
  • In addition, one or more of the following governance certifications is preferred: Certified Information Systems Security Professionals® (CISSP®); Certified Information Systems Auditor® (CISA®); Certified Information Security Manager® (CISM®)
  • Awareness of security laws, regulations, guidance, policies and directives would be helpful
  • Familiarity with at least one control framework (e.g. NIST, CIS, etc.)

Profitability:

  • Team player and deadline-oriented
  • Ability to multi-task and set workload priorities in a fast-paced environment
  • Complete assignments within established budget for assigned areas
  • Achieve charge hour budget and minimum billable hours as set by the firm
  • Participate in “approved” non-client initiatives to improve firm administration
  • Consistently utilize all firm and department software efficiently

Practice Growth:

  • Represent firm and build relationships by participating in outside activities
  • Demonstrate excellent written and verbal communication skills

Client Focus:

  • Ability to provide outstanding client service
  • Attention to detail and accuracy
  • Analytical and creative problem-solving skills
  • Work in partnership with other team members and client personnel to help ensure efficient flow of information from the client to IT Services/Audit team
  • Comprehend new, complex issues and perform basic research to solve complex problems

Brand Culture/Development:

  • Exemplify Brand Attributes of the firm
  • Comply with all policies and procedures of the firm
  • Demonstrate ability to work in a team environment and address conflict with peers
  • Consistently seek feedback on performance from superiors and enhance and develop professional and technical skills

Organizational Relationships:

  • Security Analyst will report directly to a Performance Manager who will provide any necessary guidance relative to administrative issues or work performance through the formal evaluation process

Special Requirements:

  • Flexibility with travel and hours
  • Reliable transportation for on-site client work

NOTE: Given COVID-19 most of our work is done remotely. We anticipate a return to travel for some projects as the pandemic ends. At this point, most client work is being conducted remotely.
