Email Opening
Title

Security Assessment Specialist 
EOE StatementWe are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status or any other characteristic protected by law.
 
Description

A Security Assessment Specialist (SecAssess) will be responsible for providing vulnerability assessment services to Paychex, Inc. using a comprehensive testing process. The Vulnerability Assessment process is comprised of manual testing procedures and specialized tools. The SecAssess Specialist will use their knowledge of tools and processes to expose common vulnerabilities and those used by security professionals for implementing countermeasures. They are responsible for testing the overall security of web applications, servers, and critical infrastructure devices. This also includes reviews to ensure compliance with internal policies and industry standards. The SecAssess Specialist will also push forward acceptance of secure coding practices within Paychex.

  • Responsible for working with the Security Assessment Manager to develop a strategic vision for the use of vulnerability assessments to ascertain the security posture of Paychex systems and networks. This information will be compiled and presented to business and technology owners to provide a report on the security posture of their systems and applications.
  • Perform site audits on various Paychex locations including branches, corporate and satellite facilities for physical, wireless, network, wire line vulnerabilities and personally identifiable information to provide recommendations to branch or manager on the securityof their location.
  • Perform highly technical and analytical application-level security testing to ensure that application designs meet defined security standards.
  • Assist in the identification and development of application security standards to develop the guidelines for secure coding.
  • Routinely perform research and analysis on newly discovered vulnerabilities to determine the potential impact to the enterprise.
  • Arrange for independent specialized third parties to periodically inspect, test and report on external and internal controls within the environment to ensure Paychex meets regulatory compliance.
  • Coordinate mitigation plan developments with the Security Compliance department within the Enterprise Data Security to address the discovery of new vulnerabilities within the Paychex infrastructure.
  • Interface with other teams at Paychex to coordinate assessment and remediation activities.
  • Contribute to vendor selection of hardware, software and professional services as it pertains to the Security Assessment team to ensure the enterprise tools are up to date.
  • Perform quarterly and ad-hoc penetration tests against selected targets – input identified issues into the Change Mgmt System.
  • Provide security expertise on projects/teams to further enhance security posture of Paychex.
  • Constantly test and update application security by demonstrating to management application weaknesses through exploitation – provide a layman's term¯ analysis.
 
Position Requirements
  • Bachelor’s degree or comparable experience in Computer Science, Computer Engineering, or another related field is preferred.
  • 7+ years experience in three of the following OS’s/DB’s: HPUX, Solaris, Windows, AIX, Linux, Oracle, or MS SQLServer. 1-2 years experience with web application development utilizing one or more of ASP, .NET, Java, Javascript, or Flash.
  • Familiarity with wireless security.
  • Familiarity with authentication mechanisms.
  • Well versed in the Penetration Testing process and it’s techniques.
  • General Working knowledge of Information Security concept.
  • Candidate must be a strong problem solver, hard-working, and self-directing.
  • Good verbal/written communication skills and be able to work directly with a variety of clients (business, development, data owners, etc.).
  • Knowledge of vulnerability management processes and procedures.
  • Vendor technical or industry certification(s) a plus. CISSP, SANS GIAC, CEH, etc
 
Category Information Technology  
Location NY, Rochester, Rochester 220 Kenneth Drive Office  
Full-Time/Part-Time Full-Time  
Req Number INF-15-00104  
Open Date 7/29/2015  
Hiring Manager(s) Brian Murtha  

This position is currently not accepting applications.

To search for an open position, please go to http://AdvancePartners.appone.com
 


AppOne.comTM   copyright©1999-2021 HR Services, Inc.
Click here for technical assistance.