Pondurance Careers

Do you have what it takes to be on the Pondurance Team?

Founded in 2008, Pondurance has since become one of the leading information security solution consultancies in the Midwest. Our experts (partners) engineer, pursue, and develop the latest industry trends and cutting-edge security technologies and innovations.

Every member of our team is an expert in their own right. This allows us to provide our clients with a formidable, confident and dedicated partnership. Many leading companies throughout the Midwest partner and collaborate with our team and have become trustees in our business.

Our Culture = Partners with Purpose

We operate with the lights on and windows open. Our clients can always reach us, and each team members operates with a sense of ownership and is a mentor to others on their team. We work hard to provide solid-as-a-rock, custom-fit solutions for our clients which means our partners (like you) have to be up for the challenge.

At Pondurance we thrive on a culture of excellence by adhering to the following core values:

  • Champion Others: Our foundation is rooted in a tenet of servant leadership.
  • Be Genuine: Strong relationships backed by a culture of integrity, purpose and trust.
  • Pursue Balance: Seek equilibrium in data, confidence, risk, work, and life itself.
  • Creative Collaboration: No islands. No outcasts. Problem solvers at heart designing impactful solutions.

If you think you have what it takes–submit your resume and cover letter to team@pondurance.com. Below is a list of our current positions.

 

All Open Positions

Summary

The SOC Manager leads and participates in daily SOC operations.

Job Description

Activities include, but not limited to, threat and target analysis, incident management, regular security metrics monitoring, network operations support, endpoint users support, troubleshooting, and contractual performance reporting. The Manager will help develop appropriate action plans for the issues detected and ensure that these plans are carried out appropriately. This will include the appropriate training of security analysts and enforce quality by developing and reviewing metrics, formal incident hunting and triage procedures, reporting and incident coordination, and overall handling of incident response. The goal will be to ensure that incidents are closed in a reasonable amount of time with an effective and productive solution, which will also lead to improving processes.

Qualifications

  • Act as a key member of the Incident Response Team
  • Lead the investigation and rapid response to security incidents; having the skills necessary to acquire, analyze, and interpret network sessions/transcripts, packet captures, and logs to accomplish rapid and accurate incident response
  • Manage staff of up to fifteen team members, promoting an operations oriented mentality, and assigning specific duties to deploy, operate and enhance cyber security protections, incident response tools, and other technology platforms
  • Responsible for enhancement of operational procedures, development of standard operating procedures, and maintenance of security documentation
  • Monitor key performance indicators, determine gaps in performance metrics, and recommend/execute change management techniques for efficiency/quality improvements
  • Oversee the monitoring, identification and resolution of security events to detect threats through analysis, investigations and prioritization of events based on risk/exposure
  • Minimum 5 years serving as a senior SOC manager, or equivalent security operations position, at the Enterprise level
  • Security Operations Center experience required; customer facing cloud product SOC experience highly desired
  • Networking: In-depth knowledge of network protocols, routing, VLAN, switching, and the ability to utilize packet sniffers, analyze packet traces

Education

Bachelor’s degree, any relevant field, with CISSP and/or other Network and/or Security related certifications

Other Qualifications

  • Proven record of effective leadership capabilities
  • Excellent communication skills, strong organizational skills, and utilization of key performance indicators to support operational excellence
  • Presentation skills
  • Research and report writing skills
  • Problem solving and decision making

Summary

Pondurance is rapidly growing. We are looking for a Senior Security Analyst who can be a leader within the organization and a trusted advisor to our clients.

Job Description

The successful candidate will assist in Incident Detection and Response as well as Vulnerability Management for our Threat Management Solution clientele. The candidate will be expected to perform duties to include both host-based and network-based forensic investigations after correlating events from the analyst console tool as part of our monitoring service. The analyst will use static and dynamic malware analysis to repeatedly identify detectable indicators of compromise and work with the team to develop
countermeasures. The candidate will also be required to work with the team to resolve issues, tweak current processes, and develop/improve existing work instructions. The candidate will also need to research new threats to an enterprise environment and work with the team to develop effective countermeasures.

Qualifications

  • Must have excellent oral and verbal communication skills
  • Experience with system or network administration (Unix/Linux experience preferred)
  • Experience and knowledge of information security, IPv4/v6 networks, network devices,
    proxies, IDS/IPS, and monitoring tools
  • Demonstrate experience with 2 or 3 of the following:Packet Capture (PCAP) analysis using Wireshark, Familiarity with commercial or open source log or SIEM solutions, Event analysis, correlation, reporting, and alerting, Reverse engineering malware and host-based analysis/detection, Service discovery tools such as nmap and vulnerability scanning tools such as
    Nessus, Nexpose, and/or Qualys
  • Ability to communicate technical problems, vulnerability, and risk into a business
    context understood by the client.
  • Ability to multi-task and work independently with minimal supervision
  • Ability to make sound decisions and possess excellent problem solving skills
  • Demonstrate strong composure with a balance of urgency and intensity, as well as
    focus.
  • Possess the desire to grow both technically and professionally in the information
    security field
  • Experience with electronics social engineering exercises and campaigns, using social
    media, email, and phone.

Education

Degree in Computer Science, Engineering, or a related technical discipline or equivalent experience

Other Qualifications

  • Degree in Computer Science, Engineering, or a related technical discipline or equivalent experience
  • 5+ years of experience with Linux Systems Administration

Summary

Pondurance is rapidly growing. We are looking for a Security Analyst who can grow within the organization and become a trusted advisor to our clients.

Job Description

The successful candidate will assist in Incident Detection and Response as well as Vulnerability Management for our Threat Management Solution clientele. The candidate will be expected to perform duties to include both host-based and network-based forensic investigations after correlating events from the analyst console tool as part of our monitoring service. The analyst will use static and dynamic malware analysis to repeatedly identify detectable indicators of compromise and work with the team to develop
countermeasures. The candidate will also be required to work with the team to resolve issues, tweak current processes, and develop/improve existing work instructions. The candidate will also need to research new threats to an enterprise environment and work with the team to develop effective countermeasures.

Qualifications

  • Must have excellent oral and verbal communication skills
  • Experience with system or network administration (Unix/Linux experience preferred)
  • Experience and knowledge of information security, IPv4/v6 networks, network devices,
    proxies, IDS/IPS, and monitoring tools
  • Demonstrate experience with 2 or 3 of the following:Packet Capture (PCAP) analysis using Wireshark, Familiarity with commercial or open source log or SIEM solutions, Event analysis, correlation, reporting, and alerting, Reverse engineering malware and host-based analysis/detection, Service discovery tools such as nmap and vulnerability scanning tools such as
    Nessus, Nexpose, and/or Qualys
  • Ability to communicate technical problems, vulnerability, and risk into a business
    context understood by the client.
  • Ability to multi-task and work independently with minimal supervision
  • Ability to make sound decisions and possess excellent problem solving skills
  • Demonstrate strong composure with a balance of urgency and intensity, as well as focus.
  • Possess the desire to grow both technically and professionally in the information
    security field
  • Experience with electronics social engineering exercises and campaigns, using social media, email, and phone.

Education

Degree in Computer Science, Engineering, or a related technical discipline or equivalent experience

Other Qualifications

None

 

Summary

Pondurance is rapidly growing, especially in compliance related engagements. We are looking for a Senior Compliance Consultant who can be a leader within the organization and a trusted advisor to our clients. Previous experience in consulting is not necessary, but a strong auditing, and/or information security, with working technical background, is needed for this position. The Senior Compliance Consultant would be expected to achieve the Payment Card Industry Qualified Security Assessor (QSA) designation.

Job Description

Senior Compliance Consultants lead compliance related projects from an assessor, tester, and project manager perspective. Our clients have a broad variety of regulatory compliance requirements, such as HIPAA, PCI DSS, NERC CIP, ISO 27001/2, and NIST.

The ideal candidate will have familiarity with compliance, risk management, or information security best practices and standards. Industry specific experience, such as healthcare, retail, or energy is a plus.

Qualifications

  • Auditing, assessment, information security, with strong working knowledge of IT competencies (networking, operating systems,databases, etc.)
  • Current CISSP, CISA, and or CISA designation is a plus
  • Organization and project management skills
  • Ability to focus on, including some leadership of, multiple client engagements
  • Ability to lead and direct a team of consultants
  • Ability to review the work of team members
  • Serve as a mentor to junior staff
  • Experience or willingness to learn various regulatory compliance requirements or frameworks
  • Ability to speak in a public forum / events

Education

Bachelor’s degree in a technical, business, or accounting field.

Other Qualifications

  • CISSP, CISA, PCI QSA or comparable certifications desired
  • Minimum 2 – 5 years of comparable work experience
  • Ability to travel up to 40%
  • Eligible to work in the US without sponsorship

Summary

Pondurance is rapidly growing. We are looking for a Security Testing Consultant who can be a leader within the organization and a trusted advisor to our clients.

Job Description

The successful candidate will assist Pondurance clients with uncovering vulnerabilities and weakness that put their environments at risk. The issues identified will be accompanied by a strong desire to assist the client with understanding how the risk applies and how the client can prevent and remedy specific issues. The role also requires contributing to the ongoing development and improvement of the Security Testing practice through team building/training, industry tool and article (blog) development, and client advisement.

Qualifications

  • Use automated tools as well as manual testing methods to identify and validate vulnerabilities identified in client organizations
  • Uncover meaningful risks relative to specific client environments and their (information) assets, exploitable through identified attack vectors
  • Ability to follow, manage, update, and create well-defined methodologies across a variety of security testing disciplines.
  • Strong competency with security testing tools required (e.g. Nessus, Nexpose, Qualys, Burp, Nmap, Kali, Metasploit, Responder, Wireshark, Kismet, Aircrack-ng, Redseal, Nipper, etc.)
  • System administration experience or familiarity with a variety of network devices/systems, operating systems, and development/software suites is required (e.g. Linux, BSD, Windows, Cisco, Oracle, JBoss, Active Directory, LDAP, etc.)
  • Understanding of strategic and tactical remediation techniques and approaches
  • Ability to demonstrate creating comprehensive deliverables is required (e.g. Penetration Test Reports, Configuration Review Assessments, Vulnerability Assessments, Social Engineering Exercise Reports, etc.)
  • Demonstrated experience with thorough documentation peer review processes as both the submitter and reviewer
  • Ability to work independently with no supervision as well as in team environments with more complex projects
  • Strong attention to detail as it pertains to statement of work, project management, and project documentation
  • Balancing multiple projects simultaneously with effective time management skills is required
  • Experience with scripting and/or programming languages such as Python, Ruby, Javascript, C/C++, Assembly, etc.
  • Passion for automating repetitive security testing tasks and creating tools to gain time efficiency and data consistency
  • Demonstrated experience with most or all of the following:
    • Vulnerability Assessment
    • Penetration Testing
    • Configuration Review/Hardening of network devices and general purpose operating systems
    • Wireless Network Security Assessment
    • Physical Security Assessment (Red Team) and Social Engineering
    • Web Application Security Testing

Education

Bachelor’s Degree with disciplines in the area of Computer Science, Management Information Systems, Information Assurance, or Cyber Security are preferred. Equivalent experience and/or training also acceptable

Other Qualifications

  • Minimum of two years experience performing Vulnerability Assessments, Penetration Tests, Wireless Security Testing and/or Configuration Review, and Social Engineering to enterprise organizations
  • Minimum of two years of experience in a consulting services role, or related information security position
  • Certifications are not required, candidates with OSCP, OSCE, GIAC, and CISSP are preferred.