Security Consultant - Application Penetration Tester

Mobile Mini, Inc. Austin, TX 78719

Posted 3 months ago

Position Summary:

The Security Consultant - Application Penetration Tester is responsible for providing application penetration testing. The Security Consultant will perform project execution and report preparation activities and findings in support of a client engagement. The Security Consultant will provide expertise in support of the sales organization and be expected to contribute to practice development by way of process improvements and assistance with new offering development.

Primary Duties & Responsibilities

  • Conduct penetration testing of web and mobile applications. Candidate should be able to perform manual exploitation of identified vulnerabilities

  • Ability to recognize, explain, document and report vulnerabilities and exploits, describing remediation activities, with the ability to effectively communicate the results, in both technical and layman's terms, to the appropriate audience.

  • Provide sales team with technical and security expertise in support of business development activities. Participate in sales calls, help scope projects, provide pricing estimates and create pre- and post-sales documentation.

  • Receive work assignments and timelines from the Practice Lead. Expected to maintain routine cadence with the assigned Project Manager to ensure all interested stakeholders are up-to-date regarding activities and project status.

  • Provide clients with consulting services during a contracted engagement. Work within area(s) of expertise (e.g., penetration testing, social engineering testing, framework compliance, etc.).

  • Review all findings and recommendations and work with assessment team to determine appropriate actions.

  • Understand and identify business processes specific to the client's environment and the appropriate risk management practices. Make recommendations for improvement of processes and controls.

  • Create and present clients with reports detailing methodology, findings, recommendations and remediation activities to increase security within the target environment

  • Perform other duties as assigned by your manager or practice lead

Basic Qualifications -

  • Bachelor's degree in Telecommunications, Engineering, Information Assurance/Security, Computer Science, Management Information Systems, or a related field

  • 3+ years of consulting and technical experience in one or more of the following: web application penetration testing, secure software development, and code review.

  • Must have a demonstrated technical background and understand secure software development, patch and configuration management, and database systems.

Other Position Requirements -

  • Ability to think creatively when dealing with complex situations and attempting to manipulate and break applications

  • Demonstrated understanding of the OWASP top 10 and experience in discovering, verifying, and exploiting these vulnerabilities.

  • Demonstrated knowledge of and ability to create Proof-of-Concept exploits for the following vulnerabilities:

      o XML External Entity (XXE) Processing

      o Cross-Site Scripting (XSS)

      o Injection-style vulnerabilities such as SQL Injection (SQLi)

  • Ability to discuss vectors for sensitive data exposure within various web application frameworks

  • Must be proficient with Burp Suite Professional

  • Demonstrated knowledge of Page Controller and Model View Controller design/architecture and the difference in approach required for testing

  • Demonstrated knowledge of the common approaches to remediating the OWASP top 10

  • Demonstrated knowledge of the OWASP Application Security Verification Standards (ASVS)

  • A working knowledge of SSDLC best practices

  • Experience with programming or scripting languages such as Python, PowerShell, Bash, Ruby, Java, XML, SOAP, JSON, AJAX, etc.

  • Ability to create project reports that convey complex technical information in terms clients can understand

  • Demonstrated communication and presentation skills, to include the ability to effectively work with clients in a consulting environment

  • The ability to work independently with minimal oversight

  • Demonstrated ability to manage multiple projects and timelines

  • Demonstrated ability to perform technical skills/knowledge transfer to client

Preferred Qualifications:

  • Experience as a developer and proficiency with .NET or Java

  • A demonstrated understanding of Web Application development

  • Significant experience in development program creation and refinement

  • Experience with secure coding best practices in .NET or Java

  • Experience performing Secure Code Reviews

  • Experience or willingness to perform public speaking

  • Offensive Security Web Expert (OSWE) Certification

  • Offensive Security Certified Professional (OSCP) Certification

  • Offensive Security Certified Expert (OSCE) Certification

  • GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) certification

  • GIAC Penetration Tester (GPEN) Certification

  • GIAC Web Application Penetration Tester (GWAPT) Certification

  • ISC2 Certified Information Systems Security Professional (CISSP)

  • Knowledge of emerging security technologies, software, and methodologies

Data Privacy and Security:

  • All Sirius employees are responsible to safeguard the information and information systems that they use or handle in the execution of their duties. Employees are obligated to know and perform their duties in accordance with Sirius policies, standards, and procedures related to security and report security violations to the appropriate Sirius authority.

  • Participate at hire and annually in the Information Security Awareness training as well as other required training identified by the Human Resources department. Other data privacy and data security related regulatory training may be required based on your role or assignment.

Essential Functions

The position exists to provide technical consulting solutions to customers and as such requires the ability to travel to and from customer sites and interact with customers on an ongoing and regular basis.

The above primary duties, responsibilities, and position requirements are not all inclusive.

Sirius is an equal opportunity employer that values diversity. As a government contractor, Sirius takes affirmative action to employ and advance in employment qualified women, minorities, individuals with disabilities, and protected veterans; maintains a drug-free workplace; and participates in E-Verify.

Individuals who receive job offers will be required to complete pre-employment screening that includes a background check verifying name, residences, education, work experience, and criminal convictions consistent with the Fair Credit Reporting Act; and a drug test for controlled substances consistent with the Drug-Free Workplace Act and the Americans with Disabilities Act.

Sirius will not sponsor work eligibility for this position.

