Mobile Mini, Inc. Austin, TX 78719
The Security Consultant - Application Penetration Tester is responsible for providing application penetration testing. The Security Consultant will perform project execution and report preparation activities and findings in support of a client engagement. The Security Consultant will provide expertise in support of the sales organization and be expected to contribute to practice development by way of process improvements and assistance with new offering development.
Primary Duties & Responsibilities
Conduct penetration testing of web and mobile applications. Candidate should be able to perform manual exploitation of identified vulnerabilities.
Ability to recognize, explain, document and report vulnerabilities and exploits, describing remediation activities, with the ability to effectively communicate the results, in both technical and layman terms, to the appropriate audience.
Provide sales team with technical and security expertise in support of business development activities. Participate in sales calls, help scope projects, provide pricing estimates and create pre- and post-sales documentation.
Receive work assignments and timelines from the Practice Lead. Expected to maintain routine cadence with the assigned Project Manager to ensure all interested stakeholders are up-to-date regarding activities and project status.
Provide clients with consulting services during a contracted engagement. Work within area(s) of expertise (e.g., penetration testing, social engineering testing, framework compliance, etc.).
Review all findings and recommendations and work with assessment team to determine appropriate actions.
Understand and identify business processes specific to the client's environment and the appropriate risk management practices. Make recommendations for improvement of processes and controls.
Create and present clients with reports detailing methodology, findings, recommendations and remediation activities to increase security within the target environment
Perform other duties as assigned by your manager or practice lead
Basic Qualifications -
Bachelor's degree in Telecommunications, Engineering, Information Assurance/Security, Computer Science, Management Information Systems, or a related field
3+ years of consulting and technical experience in one or more of the following: web application penetration testing, secure software development, and code review.
Must have a demonstrated technical background and understand secure software development, patch and configuration management, and database systems.
Other Position Requirements -
Ability to think creatively when dealing with complex situations and attempting to manipulate and break applications
Demonstrated understanding of the OWASP Top 10 and experience in discovering, verifying, and exploiting these vulnerabilities.
Demonstrated knowledge of and ability to create Proof-of-Concept exploits for the following vulnerabilities:
o XML External Entity (XXE) Processing
o Cross-Site Scripting (XSS)
o Injection style vulnerabilities such as SQL Injection (SQLi)
Ability to discuss vectors for sensitive data exposure within various web applications frameworks
Must be proficient with Burp Suite Professional
Demonstrated knowledge of Page Controller and Model View Controller design/architecture and the difference in approach required for testing
Demonstrated knowledge of the common approaches to remediating the OWASP Top 10
Demonstrated knowledge of the OWASP Application Security Verification Standard (ASVS)
A working knowledge of SSDLC best practices
Experience with programming or scripting languages such as Python, PowerShell, Bash, Ruby, Java, XML, SOAP, JSON, AJAX, etc.
Ability to create project reports that convey complex technical information in terms clients can understand
Demonstrated communication and presentation skills, to include the ability to effectively work with clients in a consulting environment
The ability to work independently with minimal oversight
Demonstrated ability to manage multiple projects and timelines
Demonstrated ability to perform technical skills/knowledge transfer to client
Experience as a developer and proficiency with .NET or Java
A demonstrated understanding of Web Application development
Significant experience in development program creation and refinement
Experience with secure coding best practices in .NET or Java
Experience performing Secure Code Reviews
Experience or willingness to perform public speaking
Offensive Security Web Expert (OSWE) Certification
Offensive Security Certified Professional (OSCP) Certification
Offensive Security Certified Expert (OSCE) Certification
GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) certification
GIAC Penetration Tester (GPEN) Certification
GIAC Web Application Penetration Tester (GWAPT) Certification
ISC2 Certified Information Systems Security Professional (CISSP)
Knowledge of emerging security technologies, software, and methodologies
Data Privacy and Security:
All Sirius employees are responsible to safeguard the information and information systems that they use or handle in the execution of their duties. Employees are obligated to know and perform their duties in accordance with Sirius policies, standards, and procedures related to security and report security violations to the appropriate Sirius authority.
Participate at hire and annually in the Information Security Awareness training as well as other required training identified by the Human Resources department. Other data privacy and data security related regulatory training may be required based on your role or assignment.
The position exists to provide technical consulting solutions to customers and as such requires the ability to travel to and from customer sites and interact with customers on an ongoing and regular basis.
The above primary duties, responsibilities, and position requirements are not all inclusive.
Sirius is an equal opportunity employer that values diversity. As a government contractor, Sirius takes affirmative action to employ and advance in employment qualified women, minorities, individuals with disabilities, and protected veterans; maintains a drug-free workplace; and participates in E-Verify.
Individuals who receive job offers will be required to complete pre-employment screening that includes a background check verifying name, residences, education, work experience, and criminal convictions consistent with the Fair Credit Reporting Act; and a drug test for controlled substances consistent with the Drug-Free Workplace Act and the Americans with Disabilities Act.
Sirius will not sponsor work eligibility for this position.