Dynology is hiring a Cyber Security Risk Assessment Lead for our fast-growing, worldwide cyber assessment capability.  This position will manage a domestics and international team composed of US and European cyber assessment experts, focused on critical infrastructure. You will lead the Dynology Cyber Risk Program to perform regular & ongoing cyber threat, risk, and compliance assessments to identify potential threats, risks and compliance issues, devise the strategy and methods for developing and implementing appropriate defenses with countermeasures, remediation, policy & process improvement recommendations to the customer's security & risk posture. In this role you would provide regular, continuous cyber security, risk and compliance assessments, reports and prioritized recommendations as well as consultative support to assigned client(s). You’ll also support senior staff from with customer report generation, research and onsite activity support. This role will require some travel to occasionally work on-site at customer locations – domestic and international. Dynology leverages other products and services within the Dynology Security Service portfolio, whose goal is the pursuit of providing market-leading security services that reduces risk for our customers. The methodologies, essential practices, and risk intelligence used by these teams have been proven in the industry.

 Responsibilities:

• Provide exceptional delivery of security risk assessments and analytics in order to prepare planned, measurable, and practical corrective actions.
• Conduct assessments of the security of proposed and existing systems including threat assessment, vulnerability assessment, and security/penetration testing.  
• Research tools, techniques, countermeasures and trends in network vulnerabilities, data hiding and network security.   
• Perform risk identification and provide detailed guidance on mitigation or remediation as well as providing recommendations on security policies and initiatives.
• Review risk metrics results and provide input to information security reporting and dashboards.
• Analyze discovery scan data and vulnerability data to determine unusual use configurations, discovery of aged software, patch validation, and proper identification of high-severity vulnerabilities.
• Create and maintain a culture of partnership and collaboration to ensure that our customers can respond confidently and appropriately to the rapidly evolving security landscape.
• Quantify risk using threat likelihood, implementation state, and business impact variables and then how to prioritize risk initiatives based on business need, compliance requirements, and/or risk reduction.
• Identify and remove false positive findings and/or downgrade certain vulnerabilities based on Dynology Risk Intelligence.
• Understands the changing nature of the threat landscape and therefore understands the necessity of being able to adapt and respond appropriately to changing requirements and objectives.
• Maintain quality and performance indicators in order to meet service delivery targets and quality goals.
• Provide incident response support for security events including intrusion detection, malware infections, and denial of service attacks, privileged account misuse and network breaches. What we’re looking for...

Required Skills and Experience:

• Bachelor’s degree in A degree in Computer Science, Computer/Electrical Engineering, Information Security (or related field).
• Eight (8) or more years of experience in computer intrusion analysis or network security experience, with experience in critical infrastructure (energy grid, telecommunications, etc.) a plus.
• Experience conducting risk assessments based on one or more of the following standards and frameworks: PCI, ISO/IEC 27001/27002, NIST 800 Series etc.
• Experience in conducting on-site assessments, builds customer rapport, maintain positive customer relationships, and mitigate issues.
• Working knowledge of multiple operating systems (Windows, Linux, BSD); Understand network ports and protocols, network devices, and TCP/IP
• Experience in secure internet working technologies such as firewalls, intrusion detection systems, intrusion prevention systems, VPN’s, wireless, phishing, reputational, and group policies as they relate to the security and risk posture of a client organization.
• Experience in analyzing application, cloud security, wireless, and mobile device vulnerabilities and developing plans for remediation.
• Knowledge of cyber threat indicators.
• Understand Red Team penetration testing methodologies. 
• A current, active security certification such as CISSP, CISM, CISA, C|EH, C\IH, CRISC, GWAPT or equivalent SANS certification.
• Willingness to travel and work internationally for short periods of time (6 to 8 weeks).

​Preferred Skills and Experience:

• Able to work at the operating system command line. 
• Understand secure architectures and technologies. 
• Knowledge of at least one or more programming languages (Bash, Python, PowerShell, C/C++, C#).
• DoD 8570 IAT Level II certification. 
• Basic reversing skills, use of tools like IDA Pro, OlyDbg, WinDbg, etc. preferred. 
• Experience with development preferred.

Clearance: SECRET clearance or higher is required