Sorry, this job is no longer accepting applications. See below for more jobs that match what you’re looking for!

Senior Security Consultant - Penetration Tester

Expired Job

MAP SSG New York , NY 10004

Posted 3 months ago


Penetration Tester will assist in delivering security consulting engagements of various types, e.g. penetration tests, security architecture and configuration reviews, etc.
APenetration Testeris expected to keep up to date with the latest IT Security developments, news and attack techniques and to ensure the wider team receive and understand this knowledge.
Penetration Testerswill receive special focus from Principal Security Consultants in order to assist their progress, but emphasis is also placed on self-study and a desire to learn.
There will be a requirement to lead small to medium projects and to help mentor Junior Penetration Testers and Security Consultants.
A Penetration Tester must work towards attaining upper level industry certification such as the Offensive Security Certified Professional, Offensive Security Certified Expert, CREST CCT, CREST CSAM and CREST CSAS, for which support will be provided.
Requirements
Demonstrably strong skills and experience in several of the following domains:
  • Web application penetration testing
  • Infrastructure penetration testing
  • Mobile penetration testing (iOS, Android, Windows Phone)
  • Server and workstation secure build configuration review
  • Firewall ruleset and configuration review
  • Social Engineering, Open Source Intelligence Gathering, Phishing
  • Demonstrably strong social and presentation skills.
  • Demonstrably strong written and speaking English skills.
  • Demonstrably strong commercial awareness.
  • OSCP/OSCE, CREST CCT or equivalent level of IT security related certification.
  • An ability to lead, teach, present and inspire the wider team.
  • At least 24 months of relevant IT security industry experience in the past 3 years.
Responsibilities
  • Deliver penetration testing and other related security audit activities.
  • To perform kick off calls, wash up calls, email responses and debrief for each assigned engagement.
  • To help develop client relationships and to provide professional consultative-style engagements.
  • Write full and thorough reports for each engagement that show quick and constant improvement, based on comments from QA and peers.
  • Through self-study and mentorship the individual must demonstrate an ability to rapidly verse themselves in a wide variety of IT security skills.
  • Willingness to mentor Junior Security Consultants and Security Consultants where appropriate and/or requested.
  • To lead variety of sized projects as deemed appropriate.
  • Where appropriate and/or requested, to provide labs for the company CTF, deliver effective and useful clinic (training/research) days and to take part in any other activity which promotes the teams cohesion and ability to progress.
  • When requested, to provide technical analysis of current information security events, especially for the purpose of media coverage.
  • When requested, to prepare and run the weekly penetration testing team weekly meetings in an effective manner and using the provided standard template and report any concerns raised to management.
  • To assist in Security Testing related activities, providing technical assessment of scope, principal security concerns and testing methodology to Account Manager, including face-to-face meetings when requested.
  • When requested, to formally review reports submitted to Quality Assurance to the standard expected.
  • To provide insight into methods of team improvement, process improvement and improvement of any other aspect of day-to-day team delivery.
  • To demonstrate strong inter-personal skills and to be responsible for one or more strategic areas as requested.
  • To assist Management in performing other tasks as requested and required for effective business function.
upload resume icon
See if you are a match!

See how well your resume matches up to this job - upload your resume now.

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon
lc_ad

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Information Security Manager Senior Penetration Tester

American Express

Posted 7 days ago

VIEW JOBS 1/11/2019 12:00:00 AM 2019-04-11T00:00 This position, reporting to the Director of Third Party Risk, will be part of a team responsible for the assessment and continuous monitoring of the company's most critically sensitive third parties. The team is also responsible for performing in-depth technology and information security assessments of critical third parties. The person in this position will be responsible for assessing application security of third-party services, and providing process recommendations, and performing testing of program controls. Responsibilities also include: * Support execution of technical assessments for the company's most critical third parties * Assist with evaluation of tools / technologies to support assessment and monitoring capabilities * Perform on-going tracking and monitoring of progress * 7 years of experience in application penetration testing and tooling, advanced red team, or application security engineering and architecture, preferably in a large and distributed operating environment * Demonstrated expertise in Application Security, specifically web and mobile application security, configurations, vulnerability, change management * Proficient knowledge of web development, including but not limited to Ruby, advanced JavaScript libraries (React, Angular, Knockout), Node.JS, JQuery, Object-Oriented Design, Web Services (REST/SOAP) * Professional experience with any of the following: Java, .NET, AWS, Functional programming, SQL, MongoDB, CouchDB, Neo4J, Hadoop, Cassandra, DynamoDB, ElasticSearch, Solr * Expert knowledge of OWASP Top 10 and ability to articulate web security risks * Knowledge of automated DAST, SAST, and RASP tooling is preferred, including but not limited to OWASP Zed Attack Proxy, BURP Suite, Nessus, Metasploit, Postman, HP WebInspect, Qualys, or WhiteHat * Operational understanding of TCP/IP and computer networking. Knowledge of the functions of security technologies such as IPS/IDS, Firewalls, Security Information and Event Management tools, etc is a plus * Possession of industry standard certifications such as OSCP, CEH, GWAPT, GPEN and/or other relevant penetration testing related certifications is a plus * Knowledge of SDLC, Agile, Waterfall, or Scrum * Information Security, Security Testing and/or Risk Analysis Experience * A broad understanding of the terminology, core principles, IT controls and best practices across key risk domains, including: risk assessment methodology, identity and access management, network and infrastructure security, application security, data loss prevention, and incident management * Self-motivated team player with the ability to handle multiple work streams and support various team member collaborative projects to completion * Proven excellent relationship management skills with all levels of the enterprise are required. * Ability to effectively collaborate across teams * Ability to quickly come up to speed in any area, sufficient to speak with an informed opinion and create a credible impression with stakeholders * Ability to identify gaps between one's skillset and the needs of the team * Effectively seeking and utilizing feedback from leaders and mentors to address skill gaps * Ability to clearly present options and make compelling recommendations, using persuasion to gain agreement or pitch an idea * Involving the right people to ensure the best decisions are made in a timely manner * Ability to analyze complex information and identify the most relevant details * Being flexible and able to adjust to new needs and new technologies, and to be comfortable with ambiguity * Strong sense of personal accountability and ability to drive results * Bachelor's Degree in Computer Science, Engineering or similar technical field of study, or equivalent practical experience Employment eligibility to work with American Express in the U.S. is required as the company will not pursue visa sponsorship for these positions. Why American Express? There's a difference between having a job and making a difference. American Express has been making a difference in people's lives for over 160 years, backing them in moments big and small, granting access, tools, and resources to take on their biggest challenges and reap the greatest rewards. We've also made a difference in the lives of our people, providing a culture of learning and collaboration, and helping them with what they need to succeed and thrive. We have their backs as they grow their skills, conquer new challenges, or even take time to spend with their family or community. And when they're ready to take on a new career path, we're right there with them, giving them the guidance and momentum into the best future they envision. Because we believe that the best way to back our customers is to back our people. The powerful backing of American Express. Don't make a difference without it. Don't live life without it. American Express New York NY

Senior Security Consultant - Penetration Tester

Expired Job

MAP SSG