Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Secret clearance required.
Candidate will be responsible for performing various security assessments, educating the client on the inherent risks, and providing meaningful hardening and mitigation strategies. Job responsibilities include network and web-based application penetration tests, physical security assessments, logical security audits, and hands-on technical security evaluations and implementations. Additionally, this person will be expected to develop subject matter expertise or focused capabilities in the topics of database security, wireless security, or application and development security.
- Conduct network and web-based application penetration tests
- Conduct physical security assessments
- Conduct logical security audits and hands-on technical security evaluations and implementations
- Develop subject matter expertise or focused capabilities in the topics of database security, wireless security, or application and development security
- Conduct wireless security assessments
- Conduct social engineering assessments
Must also have:
- Demonstrated technical experience with:
  - Web Application Penetration Testing.
  - Linux, MS Windows.
  - Vulnerability Detection and Remediation.
  - Network Switching and Routing (Cisco).
Technical writing experience (required):
- Two+ years of experience in information security with specific application penetration testing experience.
- Working knowledge of TCP/IP ports and protocols.
- In-depth familiarity with Windows and Unix operating systems.
- Familiarity with web proxy tools such as Paros and/or Burp.
- Experience looking for security issues such as Cross Site Scripting, SQL Injection, Cookie Manipulation, Buffer Overflows, etc.
- Familiarity with penetration testing tools such as BackTrack, Nessus, nmap, Metasploit, vulnerability scanning tools, tcpdump, Wireshark, Nikto, etc.
- Familiarity with scripting in UNIX shell, Perl, or Python.
- Application assessment reports
- Standard operating procedures documents
- Formal policy and procedure documents
Other Qualifications (desired):
- Excellent written and oral communication skills.
- Self-motivated and able to work in an independent manner.
- Familiarity with Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP) and National Institute of Standards and Technology (NIST) Special Publications.
- Familiarity with web application testing tools such as WebInspect a
- CISSP, GIAC, GWAPT, GPEN, CEH, LPT, or CCNA certification a plus.
- Advanced degree in an IT-related field a plus.
- Working knowledge of firewalls and other network security products.
- Knowledge of applied cryptographic protocols.
- Familiarity with XML, SOAP, and Ajax.
- Experience using Rapid7 Nexpose and Metasploit Pro
Knowledge Consulting Group - 2 years ago