Infrastructure Security consultant (USA/CANADA)
Description:
The Interview process w/ include a "LAB" - the will be asked to work the exercises in the lab, generate a report reflecting their experience, then present the report to our team as if we're a client
Overview:
The Cybersecurity Specialist {penetration tester} will conduct internal/external testing on network infrastructure, mobile applications, or web applications for corporate clients, actively evaluating the client's information security measures. The pen tester will conduct non-invasive analyses of externally-facing IPs and URLs to determine the potential risk of unauthorized access or if other malicious activity is possible. In addition, the Cybersecurity Specialist will have responsibility for evaluating our clients' susceptibility to social engineering. Any usage of Plextrak product or skills/background is highly desirable
Requirements:
Must have 5+ years experience in information security with web application, network penetration testing, manipulation of network infrastructure, Mobile and/or web application assessments, Email, phone, or physical social-engineering assessments experience performing manual investigative tests including the following skills :
Exploit security flaws and vulnerabilities with attack simulations on multiple projects working against specific client focused scopes of work :
Perform phishing schemes /or Social engineering exploitations
Perform firewall assurance reviews utilizing commercial tools
Developing, extending, or modifying exploits, shellcode or exploit tools
Conducting Shell scripting or automation of simple tasks using Perl, Python, or Ruby
Perform, review and analyze security vulnerability data to identify applicability and false positives
Previous experience with network intrusion detection, extrusion detection and network analysis tools such as:
PREFERRED SOFTWARE: Nessus. Cobalt Strike. BurpSuite.
OTHER SOFTWARE: FireEye, Nessus, Metasploit, nmap, BurpSuite,Proxy, Nikto and/or BackTrack
Experience with detecting and assessing threats such as network and upper laver vulnerabilities with the ability to coordinate and facilitate containment and remediation efforts. Solid understanding of Networking and Operating Systems.
Familiarity with cryptographic principals, and common encryption schemes such as symmetric/asymmetric encryption, hashing, SSL/TLS, IPSec, PGP, S/MIME, SSH, PKI.
Demonstrated understanding of computer networking, operating systems, IDS/IPS, firewalls, OWASP and network security solutions
Must have previous experience creating/producing written reports as this is the primary deliverable at the end of a client engagement. - The creation of professional, comprehensive written materials & conduct management briefings
Security or testing certification a plus (e.g. CISSP, OSCE, OSCP, C EH, GXPN, GREM, GPEN, GWAPT, GAWN, GCIH, GCFA, GMOB, GCIA, GSEC
Must have independent project and time management skills. --Must be comfortable with and successful in meeting deadlines in a dynamic, evolving environment.