Title: Sr. Security Consultant-Assessment Practice
Post by: psmyth on December 15, 2009, 11:07:48 AM
Title: Senior Consultant – Assessment Services
Skills: Vulnerability Assessment, Network Penetration Testing, Application Penetration Testing, Wireless Penetration Testing, Remote and Physical Social Engineering, Network Architecture and Configuration Review, PCI Penetration Testing
Tax term: FULLTIME
Pay rate: Based on experience
About Halock: HALOCK Security Labs is a professional services organization focused 100% on information security. HALOCK is a hybrid services firm capable of addressing both the strategic and technical security needs of our clients. We are in partnership with our clients to help them protect critical information assets and meet compliance needs as well as international security standards best practices.
HALOCK offers services in PCI compliance and validation, vulnerability assessments, penetration testing, network security architecture reviews, development of information security management systems, and security solution implementations including SIEM, DLP, and encryption. Our full-time consultants and engineers may be a part of one or more of these service offerings depending on their skills and interests.
HALOCK prides itself on its ability to perform in-depth security assessments across a wide range of technical environments. Tired of the plain vanilla *checklist* audit? Looking to demonstrate your assessment skills with like-minded team members? HALOCK has a unique, challenging and motivated environment for you to further develop your career.
Due to client demand, we are continuing to expand our consulting team. Each client engagement is assigned a dedicated and capable group of consultants, project management, resources, and tools. You will be expected to utilize your skills and abilities to satisfy the scope of the engagement within budgetary requirements.
Job Responsibilities: Perform internal and external Vulnerability Scanning using commercial and open source tools
Perform internal and external network and application penetration testing using a variety of methods, tools, and techniques
Perform wireless penetration testing using both collaborative and covert methods
Conduct onsite Social Engineering including persuasion and technical attacks
Prepare and execute custom remote social engineering testing such as phishing, mock websites, and telephone contact
Perform hands-on review of network environments, including network device and server configurations, from both an advisory perspective as well as in support of HALOCK's PCI Audit and ISO governance practices
Exhibit knowledge of PCI, ISO, and NIST standards and demonstrate ability to complete required work papers with detail
Contribute to HALOCK's Assessment Framework including findings databases, checklists, templates, testing methods and techniques, and research
Adhere to HALOCK's code of conduct (http://www.halock.com/thecode.php)
Author detailed assessment reports, including presentation of findings to clients following the conclusion of testing
Required Skills: The ideal candidate must meet the following minimum criteria:
Five years full time penetration testing experience
Strong background in network and application technologies
Excellent technical and business level writing skills
Ability to multi-task without compromising deadlines and assignment expectations
Take direction from project management and work as part of a collaborative team
Previous consulting experience and ability to deliver under pressure
Strong organizational skills, including ability to deliver with minimal supervision
Basic to intermediate project management competencies such as following process and protocol for project delivery, ability to identify project risks, project multitasking, and ability to self manage when appropriate
Ability to execute assessments as defined in proposals, within assigned budgets and due dates
High motivation, integrity, and commitment to self development
Strong verbal communication skills
Preferred Skills: The following are ideal but not prerequisites for the role:
Formal education in Information Security, Information Technology, Computer Science, Engineering or related discipline preferred
Applicable certifications such as PCI QSA, PCI PA-QSA, C|EH, C|EI, CSSLP, CISSP, CISA, technical certifications such as MCSD, SCJD, SCJP, MCAD, MCPD
Network design and implementation experience
Application development experience
Disclosures: All candidates invited to interview will be required to sign strict confidentiality and non-disclosure agreements. Full background checks are performed, with consent, on all successful candidates before employment offers can be extended.
Benefits and Extras: Comprehensive benefits package including health, dental, 401(k), long-term disability and more
Career Roadmap Program with annual performance reviews
Training and paid certification opportunities
Strong team culture
Virtual testing labs
US citizens and Green Card Holders, EAD and TN are encouraged to apply.
We are unable to sponsor H1 candidates at this time
No 3rd parties please
Individuals only need apply
Travel required: Up to 25%
Keywords: Information security, assessment, application security, network security, CISSP, PA-QSA, QSA, CISA, PCI, hacking, penetration test, pen test, audit