Cyber Security Analyst

at UL LLC
Published October 10, 2018
Location Northbrook, IL
Category Default  
Job Type Full-time  

Description

Overview

UL is looking for you if you're seeking a cutting edge career in Cyber Security!

We're leading the way in establishing cyber safety and are looking to hire some people to join this exciting new division within our organization!

Do you have experience with product embedded software? WE WANT YOU!

Seeking a highly technical penetration tester or ethical hacker with a software development background and domain experience in embedded product and software testing. The Cyber Security Analyst will conduct security assessments, advanced penetration tests, and ethical hacking to identify and demonstrate risks in embedded products and software by performing vulnerability analysis, exploitation, and developing and communicating risk analyses.

Contribute to a Safer, More Secure, and More Sustainable World.

At UL, we know why we come to work. Thousands of us around the world wake up every day with one common purpose – to make the world a safer, more secure, and more sustainable place to live. We clear the way for our customers to introduce the latest products, technological advances, and systems in an increasingly complex world so they can provide peace of mind to the market. Our integrity is woven throughout our company and shapes the way we approach deliver our solutions. We are proud that the work we do every day has a meaningful contribution to society. We continue to build upon our legacy of trusted expertise and partnership to keep our communities safe and secure as we march forward into the future. This helps us to sleep better at night, and we are confident that the millions of people we touch rest easier too.

Responsibilities

  • Conducts security assessments using automated and ad-hoc tools with manual assessment and exploitation as needed.
  • Conducts penetration testing against different technological domains including, but not limited to, web and mobile products, embedded and hardware products, wireless products, software, cloud based software, and smart device applications. These technological domains reside in critical infrastructure, nuclear, building automation, lighting, life safety, digital video, large commercial appliances, smart home and automotive.
  • Assess and calculate risk based on vulnerabilities and exposures discovered during testing.
  • Create required information security documentation, technical reports and formal papers on test findings, and complete requests in accordance with requirements.
  • Handle and complete customer projects to the defined requirements in the timeframe required by customer with the highest quality and integrity of work.
  • Meet and exceed customer’s expectations with projects and other related tests and activities.
  • Demonstrates a deep interest in learning new technology platforms for security testing.
  • Keeps abreast of the latest security news, trends, attacks, tools, and techniques.

Qualifications

  • University Degree (Bachelor’s degree or higher) in Computer Science or a related discipline plus generally two years’ experience in cybersecurity, software development, or ethical hacking.
  • Strong expertise in testing in one or more of the following domains: web and mobile products, embedded and hardware products, wireless products, software, cloud based software, and smart device applications.
  • Preferred experience with in critical infrastructure, nuclear, building automation, lighting, life safety, digital video, large commercial appliances, smart home and automotive.
  • Experience installing and using various operating systems, application packages, and tools.
  • Hands-on experience with commercial and open source security solutions such as: AppSpider, Burp Suite, Metasploit Pro, Nexpose, Nessus, Kali Linux, Synopsys Defensics, Synopsys Coverity, Synopsys Protecode, Raspberry Pi, Arduino, etc.
  • Understanding of security issues on various operating systems, web and mobile applications, network components, embedded systems, and databases.
  • Experience with one or more programming or scripting languages.
  • Knowledge of industry standards and best practices a plus, such as IEEE, IEC, NIST SP 800 series, DISA STIGs, etc.
  • Security related certifications a plus: CEH, CISSP, GIAC, OSCP, OSCE

#CB