Description

Our client is a large tech company that specializes in the energy/utility industry. Our client is located in Waltham, MA and is looking to fill a 1+ year contract position.

The Vulnerability Testing Team is part of the Vulnerability Management tower within the Security Team and supports the Security team’s global operations by identifying vulnerabilities via standard penetration testing assessments and identifying threats posing a genuine risk to our client via red/purple/advanced adversary team tests that replicate behaviors of threat actors, assessed by Government and commercial intelligence providers. This information will enable our client to proactively adjust its defensive posture.

This role will support this objective by working with external penetration testing vendors to ensure our client’s testing needs are met. This is not a hands-on testing role but involves the management of the US penetration testing process and vendors.

Key Responsibilities:

  • Manage the day-to-day relationship with relevant internal parties or employees to understand their requirements, deliver appropriate, customized solutions and advice, and build cross-functional working in line with our client’s policies and processes.
  • Develop and maintain effective relationships with key stakeholders to share best practices, provide technical advice and build bases of influence.
  • Act as the US contact for penetration testing completed by third-party test vendors.
  • Manage the US vendor contract and the day-to-day relationship, including negotiation, interpretation and application of established contractual agreements and/or service level agreements to ensure adherence to standards and best outcomes.
  • Coordinate US vendor testing.
  • Deal with issues such as quality control, escalations, etc.
  • Deal with all commercial and legal requirements such as contracts, insurance, the authority to test, etc.
  • Scope penetration testing activities with projects.
  • Explain findings and recommendations to technical and non-technical audiences.
  • Ensure findings are managed in line with processes, establishing reporting and KPIs and ensuring they are met.
  • Understanding of NERC CIP.
  • Renewal of vendor penetration services.

Required Skills:

  • 5+ years of professional experience with technical testing.
  • Experience in penetration testing scoping and estimating.
  • Vendor management experience and the procurement of these services.
  • Full understanding of the penetration testing and cyber security testing life cycle and its pain points.
  • Experience in implementing the life cycle.
  • In-depth knowledge of the commercial, contractual and legal aspects of penetration / cyber testing.
  • Demonstrated ability to review reports, plan projects, manage testers, and understand project prerequisite requirements before kickoff.
  • Knowledge/awareness in some of the following:
    • Internal / External penetration testing
    • Hardware / Device testing
    • Network security concepts and best practices
    • Web-based application security concepts and penetration testing
    • Network security concepts
    • Social engineering techniques and tactics
    • Windows/Linux/UNIX/OSX internals

Education

Bachelor’s Degree