Pyramid Consulting, Inc. is seeking a talented Cybersecurity Engineer for a contract position. The role involves analyzing security simulation results, providing actionable recommendations, and collaborating with security teams to enhance security measures.
Responsibilities:
- Analyze Simulation Results: Evaluate the outcomes of BAS simulations, identifying weaknesses in security controls, vulnerabilities, and gaps in detection and response capabilities
- Provide Actionable Recommendations: Develop and present recommendations to improve security policies, procedures, and technologies based on simulation findings
- Document and Communicate: Maintain documentation of BAS methodologies, procedures, and results, and communicate findings to technical and non-technical stakeholders
- Collaborate with Security Teams: Work with security analysts and engineers to adjust alerts, rules, and controls based on simulation results
- Advanced Threat Hunting and Intelligence: Utilize threat intelligence to inform attack scenarios and identify emerging threats
- Vulnerability Management: Identify, prioritize, and recommend remediation of high-risk vulnerabilities
- Red Teaming and Blue Teaming: May also participate in red, purple, and blue team exercises to further evaluate security posture
Requirements:
- BAS / Continuous Security Validation (CSV)
- External Attack Surface Management (EASM)
- Security Testing & Automation
- Experience with Breach and Attack Simulation (BAS) or Continuous Security Validation (CSV) tool(s)
- Hands-on experience architecting, maturing, and automating the end-to-end CI/CD pipeline lifecycle
- Experience with penetration testing, vulnerability management, and security tools
- Proficiency in scripting for automation, data wrangling and enrichment (e.g., Python, PowerShell)
- Bachelor's degree and twelve years of experience or an equivalent combination of education and work experience
- Banking or financial services experience
- Experience in designing and executing Attack Scenarios: Plan and conduct realistic cyberattack simulations that mimic real-world threat actor tactics, techniques, and procedures (TTPs)
- Strong understanding of cybersecurity concepts, including attack vectors, TTPs, and security controls
- Knowledge of common threat intelligence sources and frameworks
- Excellent analytical, problem-solving, and communication skills
- Ability to work independently and as part of a team
- Experience with cybersecurity frameworks and standards (e.g., NIST, MITRE ATT&CK and D3FEND)
- Experience with GRC engineering
- Strong knowledge of cloud security (AWS/Azure), PKI/TLS hygiene, DNS hardening, and external service posture
- Hands-on experience with EASM platforms (e.g., Defender EASM, Cortex Xpanse, CyCognito, etc.) and strong understanding of internet-scale asset discovery
- Hands-on experience with vulnerability engineering or external attack surface security, with proven leadership in complex environments
- Experience with commercial BAS tools: AttackIQ, SafeBreach, Cymulate, etc.
- Experience with detection engineering and SOAR