Sr. Information Security Analyst - #19529169
At Wipfli, people count
Our people are core to everything we do — the catalyst behind our ability to create exceptional impact and extraordinary results.
We believe in flexibility. We focus on relationships. We encourage each individual to follow their own path. And we seek feedback openly, from all.
People matter here and they feel it.
And we value curiosity. Curious is more than a personality trait. It's a way of thinking. Of learning. Of working.
There's purpose in this wonder. It makes us better. It makes us Wipfli.
If you want to be in an environment where you can make a difference — and make a professional home — Wipfli is the place for you.
Check out our Glassdoor Reviews to hear what people are saying about employment at Wipfli!
As an experienced member of the Information Security team, the Information Security Analyst will help improve the effectiveness and efficiency of the Information Secuirty team by identifying and executing on improvement efforts for the various security owned processes.
- Identify exploitable vulnerabilities and simulate real world attack scenarios by performing penetration tests and other assessments of services, products, infrastructure, and environments
- Review and report on the results of regular internal and external vulnerability scans. Work with other Firm departments, such as the Internal Information Technology team, to ensure identified vulnerabilities are resolved in a timely manner.
- Evaluate IT security processes, controls, and effectiveness through assessments.
- Increase the firm's ability to detect attacks by participating in the Security Operations function via threat hunting and investigations.
- Provide technical mentorship tp more Jr. members of the Information Security Team
- Advise the Internal IT team as a security subject matter expert in support of various projects.
- Associates Degree in Information Technology/Security
- 10+ years of related experience
- Preferred certifications include: GIAC Penetration Test (GPEN), CISSP, Security+
- Experience with security tools and frameworks such as: Metasploit, Kali Linux, CobaltStrike, Nessus/VAS, IP360, Burp Suite, and Nmap.
- Experience performing vulnerability assessments, penetration testing, application testing, and red team engagements.
- Experience with Kusto Query Language and KQL based security tools
- Experience conducting Incident Response and Investigations.
- Strong understanding of threat actor TTPs and the MITRE ATT&CK framework.
- Understanding of TCP/IP networking and common protocols such as HTTP, TLS, DNS, SMB, and SMTP.
- Technical knowledge of Operating Systems (Windows/Linux)
- Solid understanding of scripting using languages such as Python, Ruby, Perl, Powershell, Java, or VBSCript.
- Strong communication skills (written and verbal).
- Basic understanding of common vulnerability classes found in native code to include stack/heap-based overflows, null dereference, integer overflow, race conditions, and command injection.
- Experience setting up and operating fuzzers, such as Peach, against a wide range of applications and protocols preferred.
- Experience writing custom exploit code based on publicly available disclosure information preferred
Our recruiting team will guide you through our evaluation and interviewing process. We will communicate an update on your status as soon as possible. The recruiting team member guiding you through this process is Jane Welch, and you can find her on LinkedIN Here. She is based in our Madison, WI office and looks forward to guiding you through this process.
Wipfli is an equal opportunity/affirmative action employer. All candidates will receive consideration for employment without regards to race, creed, color, religion, national origin, sex, age, marital status, sexual orientation, gender identity, citizenship status, veteran status, disability, or any other characteristics protected by federal, state, or local laws.