Our client is looking for motivated security professionals with network, system, and application penetration testing experience. As a Security Consultant within the Security Testing Services division, your primary focus will be providing expert-level security testing services in a wide array of clientele and environments. You’ll work collaboratively within the Security Testing Services team as a specialist and assist with the planning, scoping, and execution of engagements, including network and application penetration tests, social engineering, and physical security assessments. The successful candidate will be strong technically, highly personable, client-focused and motivated to contribute to the continued development of a growing and close-knit information security organization. Responsibilities include:
- Conduct vulnerability assessment and red team penetration testing engagements to a wide variety of clients and industries.
- Assess, test, and penetrate unique environments such as mobile systems, ICS/SCADA systems, power grids, hospitals, and airplanes.
- Stay informed of the latest attack trends and tactics.
- Perform web application and wireless penetration testing.
- Perform security reviews of application designs, source code and deployments as required, covering all types of applications (web application, web services, mobile applications, thick client applications, SaaS).
- Create and conduct phishing and social engineering campaigns.
- Evaluate physical security controls and attempt to gain physical access.
- Identify, architect, and present new service opportunities within the context of existing client relationships.
- Provide research support and facilitate knowledge transfer on a wide array of security topics.
- Bachelor’s or higher education degree, technical discipline preferred.
- Industry certifications such as CISSP, GSEC, OSCP, GPEN, CEH, etc., are a plus.
- At least three (3+) years’ work experience in the IT or consulting fields
- A solid understanding of IT security technologies including network and application security, firewalls, access management, and data protection
- Experience with penetration testing toolsets, frameworks, and platforms (e.g., Metasploit, Kali Linux, Core Impact, Cobalt Strike)
- Experience with vulnerability scanning and analysis (e.g., Qualys, Nessus, Nexpose)
- Experience with web application vulnerability scanning tools (e.g., Security AppScan, Fortify WebInspect, Acunetix, Burp Suite Pro)
- Hands-on experience with scripting languages such as Python, PowerShell, or Ruby
- Experience and success in delivering client engagements on-time and within budget
- A desire to grow professionally by joining and contributing to a group of skilled consulting professionals that focus on exceeding customer expectations.
- Capable of managing and executing complex customer focused projects independently and as a team contributor
- Excellent verbal, written communication and interpersonal skills with customer service experience
- Ability to present and articulate findings to technical staff and executives
- Must be able to pass a background check
- Minimal travel required, Willing to work after standard business hours and on weekends
- Reverse engineering experience
- Source code auditing experience with static analysis tools (e.g., IBM Appscan Source, HP Fortify)
- Experience with programming languages (e.g., Java, C, C++, .NET (C#, VB))
- Experience with web application development (e.g., ASP.NET, ASP, PHP, J2EE, JSP)
To apply for this job email your details to Jessica.Ohmer@benjamindouglas.com