Job Description
Note: The job is a remote job and is open to candidates in USA. SHI International Corp. is a global provider of IT solutions and services, and they are seeking an Associate Security Consultant - Vulnerability Management to join their Vulnerability Management team. This role involves assisting in the development and delivery of exposure management consulting and operational service programs for clients, conducting vulnerability assessments, and collaborating with senior consultants on security solutions. Responsibilities Conduct day-to-day VMaaS activities, including vulnerability scanning, asset discovery, scan policy configuration, and reporting Independently conduct Attack Surface Control (ASC) engagements for a variety of clients, including the use of automated tools and manual micro-penetration testing With guidance from more senior consultants, monitor automated penetration testing tooling to identify and validate security weaknesses Perform validation of vulnerability findings to eliminate false positives and determine actual risk Collaborate with the penetration testing team to conduct further deep-dive testing as needed based on vulnerability discoveries Consult and document attack surface, threats, and vulnerability improvements based on the team’s overall assessment of the client’s environment Perform assessment and threat modeling against industry best practices to identify control weaknesses and assess the effectiveness of existing controls Perform root cause analysis on identified vulnerabilities and attack surface weaknesses to determine technical solutions to be presented to client along with recommendations for remediations With guidance from more senior security consultants, collaborate with the client’s security teams to understand mitigation or resolutions for findings discovered by analysts Review Stratascale Cyber Threat Intelligence (CTI)-provided threat intelligence for specific threat vectors that align with the client's industry or potentially impact the client by using attack path modeling Assist in defining, measuring, and quantifying business risk and vulnerability impacts to clients and their stakeholders With guidance from more senior security consultants, provide technical support on remediation, cloud security, governance, compliance, and core infrastructure systems With guidance from more senior security consultants, assist customers with strategies, use of platforms, technical and compliance analysis, and implementing automation Execute consulting projects by creating and completing deliverables, ensuring client needs and practice obligations are met Participate in customer and internal meetings as required, providing technical guidance and facilitating discussions Stay educated on new product technologies, industry trends, and emerging capabilities within the practice Skills Completed Bachelor's Degree in a related field or relevant work experience required 1–3 years of hands-on penetration testing or vulnerability management experience, including exposure to engagements supporting mid-to-large enterprise environments Ability to travel to SHI, Partner, and client events, and on-site testing engagements as needed Industry certifications preferred (e.g., CPTS, OSCP, PNPT, Security+, CySA+, or vendor-specific VM certifications.) Demonstrated understanding of legal/ethical considerations, testing authorization, and safe handling of client data Experience with Vulnerability Management tools such as Tenable, Rapid7, Qualys, and Tanium to support day-to-day VMaaS delivery activities including scanning, asset management, and reporting Familiarity with offensive security methodologies and frameworks such as PTES, OWASP (WSTG/MASVS/ASVS), MITRE ATT&CK, and threat modeling to support risk-based testing Ability to develop exploit proofs-of-concept, reproduce vulnerabilities reliably, and support fix validation; familiarity with exploit development fundamentals is a plus Reporting and communication skills, including writing technical reports with reproducible steps, risk ratings, and actionable remediation, and contributing to executive summaries with guidance; able to present findings to both technical and non-technical stakeholders Familiarity with vulnerability management workflows, responsible disclosure practices, and integration of pen test results into remediation programs and retesting cycles Proficiency with productivity and documentation tools such as Word, Excel, PowerPoint, and Outlook to produce test plans, findings reports, and final deliverables Experience supporting penetration tests across networks, web and mobile applications, APIs, wireless, and cloud environments, including participation in scoping, rules of engagement, and debriefs Familiarity with assessing cloud services (AWS, Azure, GCP) including IAM misconfigurations, storage, serverless, container/orchestration, and cloud networking, with an ability to communicate cloud-specific remediation guidance Web application testing skills including auth flows, access control, injection, deserialization, SSRF, XXE, business logic abuse, and modern app architectures (SPAs, microservices, GraphQL, WebSockets) Familiarity with social engineering and phishing engagements, including payload development, infrastructure setup, pretexting, and measurement aligned to customer policies and legal constraints Foundational scripting and automation skills to support testing and proof-of-concept development using Python, PowerShell, Bash, and basic Go or JavaScript as needed Working knowledge of Active Directory and Azure AD attack paths (Kerberoasting, constrained/unconstrained delegation, ACL abuses, LAPS/MAPS, certificate services) and exposure to simulating enterprise attack chains Hands-on experience with common offensive tooling and techniques, including reconnaissance, enumeration, exploitation, post-exploitation, lateral movement, and data exfiltration, along with foundational operational security practices Familiarity with red/purple team exercises and working alongside blue teams to translate findings into detection and hardening recommendations (e.g., SIEM detections, EDR tuning, hardening baselines) Benefits Health, wellness, and financial benefits to offer peace of mind to you and your family. Medical Vision Dental 401K Flexible spending Company Overview Think of SHI as your personal technology concierge. It was founded in 1989, and is headquartered in Somerset, New Jersey, USA, with a workforce of 5001-10000 employees. Its website is Company H1B Sponsorship SHI International Corp. has a track record of offering H1B sponsorships, with 1 in 2026. Please note that this does not guarantee sponsorship for this specific role.