Overview

Security Consultant candidates are motivated security professionals with a mix of offensive and defensive security backgrounds.

Often with several years of penetration testing background (not including previous IT experience), the primary role of a Security Consultant is to perform Internal and external network penetration tests. Application Penetration Tests against web applications, mobile applications, and web services would also be executed by this consultant. Security Consultants are expected to execute the appropriate testing methodology, identify risk at a level commensurate with the company bar, perform punctually, clearly document findings for multiple audiences, and demonstrate outstanding customer service skills.

• Deliver penetration tests against internal and external networks, web applications, mobile applications and web services
• Conducting password enumeration against SAM databases to identify user accounts and assess password strength through various attack methods
• Prioritize findings based on perceived risk, using existing knowledge of clients' business to ascertain finding severity
• Assist in enhancing various company security methodologies and other documentation
• Assist peers in identifying/exploiting issues during assessments
• Interpret and follow any applicable customer testing restrictions based on scope and kickoff calls
• Manage security requests and incidents while continuously communicating with clients
• Occasionally take part in client security incidents and vulnerability remediation activities
• Assist in developing best practices for security procedures
• Assess current risks and create steps to secure vulnerable systems
• Consistently brings new ideas for service improvement and increased efficiency to the team
• Passionately looks for opportunities to automate and innovate
• Be able to handle multiple assignments, manage priorities, and meet deadlines
• Have experience interacting with project stakeholders and vendors
• Assist in pre-sales engagements with customers if/when required
• Proven ability to independently manage and execute security projects, demonstrating strong organizational skills.
• Clearly communicate with customers in a friendly, punctual and professional manner eliciting a high level of client satisfaction
• Produce and deliver clear, concise, and professional reports (and additional deliverables)
• Collaborate with other subject matter experts on multi-discipline projects
• Lead by example in behavior, work ethic, and punctuality
• Demonstrates continued growth in knowledge and skills

• 2+ years offensive security consulting experience
• 2+ years defensive security experience
• 7+ years in networking and security related functions
• Bachelors of Science, preferably in Computer Science or Security or demonstrate equivalent experience/certifications
• Consulting experience is a strong asset
• Familiarity with OWASP top 10, SANS top 25
• High-level knowledge of common platforms and their vulnerabilities
• Has expertise in BurpSuite
• Experience with Kali Linux
• Experience searching for, and exploiting, vulnerabilities in fingerprinted services/components
• Can use existing research to craft proof of concepts for assessments
• Ability to alter existing exploits so they apply to different assessment targets
• Experience with defensive security tools including vulnerability scanners, SIEM, EDR, firewalls
• One or more of the following security certifications is preferred:
  • Offensive Security Certified Professional (OSCP)
  • Certified Ethical Hacker (CEH)
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Systems Auditor (CISA)
  • Certified Information Security Manager (CISM)
  • Security+
  • SANS security specific certifications
  • GIAC Penetration Tester Certification (GPEN)
  • GIAC Certified Forensic Examiner (GCFE)
  • GIAC Cyber Threat Intelligence (GCTI)
  • GIAC Certified Incident Handler Certification (GCIH)
  • GIAC Continuous Monitoring Certification (GMON)
  • GIAC Defensible Security Architect Certification (GDSA)
  • GIAC Certified Enterprise Defender (GCED)
• Client-facing skills is a strong asset
• Demonstrate excellent communication skills both verbally and written