Cincinnati Bell Principal Information Security Consultant in Remote, United States

Job Purpose

The CBTS Security practice exists to improve the maturity of our customers’ information security programs. To that end, the Principal Information Security Consultant will be responsible for providing world-class security consulting services to CBTS customers. The Consultant will use extensive experience with security technologies, knowledge of accepted standards and best practices, and proven tactics against sophisticated attackers to help CBTS customers defend their critical systems and sensitive data. The Consultant will also lead penetration testing engagements, simulating cyberattacks against customer networks, web and mobile applications, wireless and physical environments, and employees, using social engineering and phishing tactics. The Consultant will design and execute these engagements and report findings to customers in a way that contributes substantial value to their security programs.

Essential Functions

  • Lead “friendly” security assessment engagements for CBTS customers. While working with customer technical and executive staff, review the state of various technical and organizational controls, processes, and policies. Perform gap analysis, comparing the current state to widely accepted best practices from vendors, regulatory and compliance bodies, and the security community at large. Document these gaps, along with sensible and relevant recommendations, in findings reports that satisfy the needs of both technical and non-technical audiences. 30%
  • Lead vulnerability assessment and penetration testing engagements of CBTS customer environments and controls. Using expertise in operation of commercial and open-source assessment tools, identify configuration flaws, missing patches, and gaps in defenses that could be exploited by attackers. Assessment types will include social engineering and phishing, wireless, mobile device, and physical security, and web application penetration tests. 40%
  • Perform pre-sales work. Discuss security and compliance needs with customers, and identify services that help meet those needs. Work with security sales specialists to design engagements for customers. Craft detailed proposals that effectively communicate expectations to customers. Identify vendor partners that offer effective solutions to modern threats and risks. Understand regulatory compliance requirements for customers in various industries. 5%
  • Assist CBTS internal technical staff with security needs. Provide recommendations for security architecture, processes and technologies. 5%
  • Assist CBTS marketing with promotion of security branding and services. Write technical whitepapers, blog posts, and other documentation. 10%
  • Perform security research, furthering individual and team understanding of the threat landscape, as well as cutting-edge security technologies. Attend security conferences and participate in local security community events. Evaluate products and tools that can improve the security services team’s offerings, and provide value to customers. 10%

Education / Certifications

  • Four years of college resulting in a Bachelor's Degree or equivalent
  • GPEN Certification – GIAC Penetration Tester
  • OSCP Certification – Offensive Security Certified Professional

Experience

  • 8-10 years of technical or consultative experience focused on security

Special Knowledge, Skills, and Abilities

  • Extensive Writing Skills; Compliance & Regulatory knowledge
  • Knowledge of the following governing regulations:
      • NIST Cybersecurity Framework
      • ISO 27000 Series
      • CIS Controls
      • Payment Card Industry Data Security Standards (PCI-DSS)
      • HIPAA
      • CMMC / NIST 800-171
      • NIST 800-53
  • Tools: Reconnaissance, vulnerability identification, exploit selection, and post-exploitation frameworks, including Cobalt Strike, Metasploit, Nmap/masscan, Burp Suite Pro, Gobuster/Dirbuster, SQLmap, BloodHound, CrackMapExec, bettercap, hashcat, John the Ripper, Hydra, aircrack,

Supervisory Responsibilities

Leads work teams (assigns, coordinates, and checks work) for peers working on collaborative consulting engagements.

Equal Opportunity Employer Minorities/Women/Protected Veterans/Disabled
