OneMain Financial Jobs

Home View All Jobs (2,086,127)

Job Information

SHI Associate Security Consultant - Vulnerability Management in Frankfort, Kentucky

About Us

As a digital and cybersecurity services company, Stratascale exists to help the Fortune 1000 transform the way they use technology to advance the business, generate revenue, and respond quickly to market demands. We call it Digital Agility.

To learn more about how we’re shaping the future of digital business and a more secure world, visit stratascale.com.

Job Description Summary

The Associate Security Consultant - Vulnerability Management is a critical role within Stratascale’s Adversarial Operations Group, assigned to the Vulnerability Management team. This individual will assist in leading and supporting the development and delivery of a diverse range of exposure management consulting, Vulnerability Management as a Service (VMaaS), and operational service programs to a portfolio of our clients.

Role Description ​​

  • Conduct day-to-day VMaaS activities, including vulnerability scanning, asset discovery, scan policy configuration, and reporting.

  • Independently conduct Attack Surface Control (ASC) engagements for a variety of clients, including the use of automated tools and manual micro-penetration testing.

  • With guidance from more senior consultants, monitor automated penetration testing tooling to identify and validate security weaknesses.

  • Perform validation of vulnerability findings to eliminate false positives and determine actual risk.

  • Collaborate with the penetration testing team to conduct further deep-dive testing as needed based on vulnerability discoveries.

  • Consult and document attack surface, threats, and vulnerability improvements based on the team’s overall assessment of the client’s environment.

  • Perform assessment and threat modeling against industry best practices to identify control weaknesses and assess the effectiveness of existing controls.

  • Perform root cause analysis on identified vulnerabilities and attack surface weaknesses to determine technical solutions to be presented to client along with recommendations for remediations.

  • With guidance from more senior security consultants, collaborate with the client’s security teams to understand mitigation or resolutions for findings discovered by analysts.

  • Review Stratascale Cyber Threat Intelligence (CTI)-provided threat intelligence for specific threat vectors that align with the client's industry or potentially impact the client by using attack path modeling.

  • Assist in defining, measuring, and quantifying business risk and vulnerability impacts to clients and their stakeholders.

  • With guidance from more senior security consultants, provide technical support on remediation, cloud security, governance, compliance, and core infrastructure systems.

  • With guidance from more senior security consultants, assist customers with strategies, use of platforms, technical and compliance analysis, and implementing automation.

  • Execute consulting projects by creating and completing deliverables, ensuring client needs and practice obligations are met.

  • Participate in customer and internal meetings as required, providing technical guidance and facilitating discussions.

  • Stay educated on new product technologies, industry trends, and emerging capabilities within the practice.

Behaviors and Competencies

  • Communication: Can effectively communicate technical ideas and information to diverse audiences and collaborate with team members in client communications.

  • Relationship Building: Can contribute to team initiatives, collaborate with diverse groups, and support effective relationship management.

  • Self-Motivation: Can take ownership of personal and professional initiatives, collaborate with others when necessary, and drive results through self-motivation.

  • Negotiation: Can participate in negotiations and work collaboratively with others to drive consensus.

  • Impact and Influence: Can contribute positively to team goals and support a collaborative, results-driven environment.

  • Business Development: Can support business development initiatives and collaborate with various stakeholders to contribute to business results.

  • Emotional Intelligence: Can use emotional information to guide thinking and behavior, manage, and/or adjust emotions to adapt to environments or achieve one's goal(s).

  • Detail-Oriented: Can manage multiple tasks, maintain a high level of detail orientation, identify errors or inconsistencies at work, and ensure accuracy across all assignments.

  • Follow-Up: Can take ownership of assigned tasks, collaborate with others in managing follow-ups, and drive results through effective task completion.

  • Presenting: Can effectively use visual aids and clear communication techniques to present findings and engage both technical and non-technical audiences.

  • Time Management: Can manage assigned responsibilities effectively, balance competing priorities, and seek guidance when needed.

  • Analytical Thinking: Can apply analytical techniques to solve problems, draw insights, and clearly communicate findings.

  • Critical Thinking: Can gather and synthesize information from various sources to support informed problem-solving and decision-making.

  • Technical Troubleshooting: Can troubleshoot technical problems, collaborate with others to develop solutions, and drive results in problem resolution.

Skill Level Requirements

  • Experience with Vulnerability Management tools such as Tenable, Rapid7, Qualys, and Tanium to support day-to-day VMaaS delivery activities including scanning, asset management, and reporting. - Foundational to Intermediate

  • Familiarity with offensive security methodologies and frameworks such as PTES, OWASP (WSTG/MASVS/ASVS), MITRE ATT&CK, and threat modeling to support risk-based testing. - Foundational to Intermediate

  • Ability to develop exploit proofs-of-concept, reproduce vulnerabilities reliably, and support fix validation; familiarity with exploit development fundamentals is a plus. — Foundational

  • Reporting and communication skills, including writing technical reports with reproducible steps, risk ratings, and actionable remediation, and contributing to executive summaries with guidance; able to present findings to both technical and non-technical stakeholders. - Intermediate

  • Familiarity with vulnerability management workflows, responsible disclosure practices, and integration of pen test results into remediation programs and retesting cycles. - Foundational to Intermediate

  • Proficiency with productivity and documentation tools such as Word, Excel, PowerPoint, and Outlook to produce test plans, findings reports, and final deliverables. - Intermediate

The following skills are preferred, but not required:

  • Experience supporting penetration tests across networks, web and mobile applications, APIs, wireless, and cloud environments, including participation in scoping, rules of engagement, and debriefs. - Foundational to Intermediate

  • Familiarity with assessing cloud services (AWS, Azure, GCP) including IAM misconfigurations, storage, serverless, container/orchestration, and cloud networking, with an ability to communicate cloud-specific remediation guidance. - Foundational

  • Web application testing skills including auth flows, access control, injection, deserialization, SSRF, XXE, business logic abuse, and modern app architectures (SPAs, microservices, GraphQL, WebSockets). - Foundational to Intermediate

  • Familiarity with social engineering and phishing engagements, including payload development, infrastructure setup, pretexting, and measurement aligned to customer policies and legal constraints. - Foundational

  • Foundational scripting and automation skills to support testing and proof-of-concept development using Python, PowerShell, Bash, and basic Go or JavaScript as needed. - Foundational to Intermediate

  • Working knowledge of Active Directory and Azure AD attack paths (Kerberoasting, constrained/unconstrained delegation, ACL abuses, LAPS/MAPS, certificate services) and exposure to simulating enterprise attack chains. - Foundational

  • Hands-on experience with common offensive tooling and techniques, including reconnaissance, enumeration, exploitation, post-exploitation, lateral movement, and data exfiltration, along with foundational operational security practices. - Foundational to Intermediate

  • Familiarity with red/purple team exercises and working alongside blue teams to translate findings into detection and hardening recommendations (e.g., SIEM detections, EDR tuning, hardening baselines). - Foundational

Other Requirements

  • Completed Bachelor’s Degree in a related field or relevant work experience required.

  • 1–3 years of hands-on penetration testing or vulnerability management experience, including exposure to engagements supporting mid-to-large enterprise environments.

  • Ability to travel to SHI, Partner, and client events, and on-site testing engagements as needed.

  • Industry certifications preferred (e.g., CPTS, OSCP, PNPT, Security+, CySA+, or vendor-specific VM certifications.)

  • Demonstrated understanding of legal/ethical considerations, testing authorization, and safe handling of client data.

The estimated annual pay range for this position is $80,000 - $110,000 which includes a base salary and bonus. The compensation for this position is dependent on job-related knowledge, skills, experience, and market location and, therefore, will vary from individual to individual. Benefits may include, but are not limited to, medical, vision, dental, 401K, and flexible spending.

Equal Employment Opportunity – M/F/Disability/Protected Veteran Status

DirectEmployers