Security Specialist, Technical: WebApp and VA


Vice President, Services



Start Date:


Travel Requirements:

Up to 50%

Position Description

The Security Specialist, Cybersecurity Technical is a member of the Technical Cybersecurity unit and consults with clients on web and mobile application security, as well as network and system vulnerabilities. The Security Specialist may be called upon to assist with services related to emergency incident response and digital forensics. The Security Specialist, Cybersecurity Technical position is a critical team member and is essential to the delivery of security services at GreyCastle Security.

This position will be joining one of the three cybersecurity-focused teams at GreyCastle Security:

  • Technical Cybersecurity Unit
  • Business Cybersecurity Unit
  • Governance Cybersecurity Unit

Of the three core components of cybersecurity; people, process and technology, the Technical Cybersecurity Unit focuses primarily in technology, while also supporting the other units. The Technical unit is comprised of Penetration Testing, Vulnerability Assessment and Incident Response.

Position Responsibilities

Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

  • Act as primary resource for web and mobile application vulnerability assessment and penetration testing engagements
  • Supports Technical Services team leaders as they assess and consult with clients in delivery of technical services, including Penetration Testing, Vulnerability Assessment and Incident Response
  • Contribute to project management, communications and other activities required for successful service delivery
  • Maintain proficiency in and awareness of security services, industry trends, tactics, techniques and procedures
  • Maintain proficiency with security tools, where applicable
  • Act as a cybersecurity resource for GreyCastle Security clients
  • Initiate and participate in process improvement
  • Supports senior members in all aspects of security and risk assessment
  • Produce detailed findings and recommendations, and deliver those findings to senior management, board members and key stakeholders

Supervisory Responsibility

This position has no supervisory responsibilities.

Work Environment

This job operates in a professional office environment. This role routinely uses standard office equipment such as computers, phones, photocopiers, filing cabinets and fax machines.

Physical Demands

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.

While performing the duties of this job, the employee is regularly required to talk or hear. The employee frequently is required to stand; walk; use hands to finger, handle or feel; and reach with hands and arms.

This position requires the ability to occasionally lift office products and supplies, up to 20 pounds.

Position Type/Expected Hours of Work

This is a full-time position, and hours of work and days are Monday through Friday, 8:00 a.m. to 5 p.m.

Required Skills and Qualifications

  • Proficiency in commonly used web languages and frameworks, specifically ASP and/or PHP
  • Advanced knowledge of web application security best practices (i.e. OWASP, SANS)
  • Experience with web application vulnerability scanning tools, web application penetration testing tools and techniques, and source code analysis tools
  • Advanced knowledge of Secure Systems Development Lifecycle (SSDLC)
  • Outstanding communication skills, both written and verbal
  • Outstanding organization skills, attention to detail a must
  • Outstanding decision-making ability
  • Uncompromising ethics
  • Energetic and positive attitude
  • Willingness and ability to work in a controlled, confidential environment
  • Willingness and ability to work in a team-oriented, fast-paced environment
  • Willingness and ability to work relentlessly towards goals and deadlines

Required Education and Experience

  • Proficiency with Python, Ruby and Java
  • Experience with Incident Response methodologies and tools
  • Familiarity with a broad range of computing platforms and network protocols
  • Familiarity with regulatory mandates, including PCI-DSS, HIPAA, FERPA and others
  • Proficiency with Windows, Linux and other operating systems
  • Proficiency with Microsoft Office, including PowerPoint
  • Proficiency with Customer Relationship Management (CRM) applications and principle

Other Duties

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.