M+E Technology Job Board

Senior Test Engineer – Advanced Endpoint Protection

  • Full Time
  • Austin, TX
  • Applications have closed

NSS Labs

Description

NSS Labs, Inc. is the global leader in operationalizing cybersecurity. Through continuous security validation and global threat discovery and automation, NSS Labs empowers enterprises to reduce the operational burden of cybersecurity and address crucial gaps in their cybersecurity efforts. Informed by our experience and strong foundation of security product validation, NSS Labs offers CAWS, a cyber threat protection platform that provides businesses with visibility into the cyber kill chain and automated insights into active threats. With global visibility into active threats and vulnerabilities, CAWS delivers a unique cyber risk rating that makes cybersecurity measurable and helps enterprises focus their resources in the areas that make the most difference. Combined, this information enables businesses to continuously monitor and respond to threats, strengthen their cybersecurity posture, and have confidence that they are appropriately securing the enterprise. CISOs, security operations teams, threat researchers, and information security professionals from many of the world’s largest and most demanding enterprises rely on trusted insights from NSS Labs. For more information, visit www.nsslabs.com.

We are currently seeking a Senior Test Engineer in Austin, Texas to interact directly with vendors to generate, analyze, and document performance and security metrics for many different security products. This position works closely with many functions within the company to develop new tests, build out and maintain new test environments, and execute and maintain existing tests. As the expert responsible for testing a security technology from harness concept through to operation and maintenance, this individual will support the objective, scientific, fact-based approach to testing enterprise security technologies that the market has grown to respect and depend on.

Job Responsibilities:

  • Development of test methodology and test cases that assess the efficacy of a security technology as it pertains to enterprise use cases
  • Build out test environments, including installation of systems and products
  • Conducting and/or overseeing on-site and remote vendor engagements
  • Adherence to all test Standard Operating Procedures (SOP) including, but not limited to, test development best practices, test development workbook completion, scorecard development and engagement notes capture
  • Participate in the creation of thought leadership pieces (delivered as webinars or research papers) that assist enterprises in their decision making
  • Communicate findings to both technical and non-technical audiences
  • Overseeing the execution of tests according to methodological concepts
  • Engage with and support enterprise clients to ensure the use cases and testing represent the challenges faced in product deployment

Required Skills & Qualifications

  • Familiarity with endpoint security vendors (CrowdStrike, Cylance, SentinelOne, Malwarebytes) and technologies such as anti-exploitation, malware signature recognition, model-based static analysis, external sandboxing, virtualized dynamic analysis, and execution flow hardening
  • 3+ years of hands-on experience with endpoint security technology
  • Expert troubleshooting skills in MS Windows and Unix/Linux environments
  • Experience and familiarity with concepts of penetration testing / red-teaming, from recon to backdooring & exfiltration
  • Familiarity with offensive tools and frameworks (nishang, PSEmpire, Death Star, mimikatz, Burp, Zap, RedSnarf, crypters, packers, etc.)
  • Packet analysis and network protocol dissection skills, using tools such as Wireshark/Ethereal
  • Knowledge of the OSI model and attack/defense for each layer
  • Working understanding of basic application security
  • Knowledge of the fundamentals of malware analysis
  • Hands-on experience configuring server hardware and deployment of MS Windows and Linux operating systems
  • MS Windows and Linux network administration experience
  • Awareness of SDLC and quality assurance and how these relate to product testing
  • Strong English verbal and written communication skills
  • Professional presentation and communication skills
  • Comfortable working with third-party vendors

Preferred Skills:

  • Software development background
  • Good understanding of security software testing
  • Penetration testing experience
  • Administration experience of a VMware environment (pref. using PowerCLI)
  • Scripting experience in PowerShell, Python, Java, VBScript, Perl, Ruby, etc.
  • Familiarity with modern methods of network and endpoint attack and compromise, including multi-part persistence, binary hacking, staged and stageless attacks, fileless malware, and advanced antivirus evasion
  • Knowledge of regulatory compliance: GLBA, SOX, PCI, HIPAA and Assessment Services a plus
  • CISSP, CPT, OSCP, or other professional certifications