Sr. HP Ethical Hacking Security Consultant                    

For more info, contact ec dot gee[at] hp dot com, or call five one two, four 5 two, four one 1 four.

This posting is for a SENIOR level position, but a JUNIOR level pen testing/hacking position is also available.  The JUNIOR level position requires 2+ years experience in an IT enterprise infrastructure environment + 2 years experience in pen testing / ethical hacking.

For the SENIOR role, HP is seeking an experienced Ethical Hacker/Pen Tester for a long term, multi-year Houston engagement with one of our largest customers.   This is for an HP employee, not a contractor. Limited if any travel.  Ethical Hacking/Penetration testing guru, someone well steeped in the art (I think of it as an art) of intrusion detection/prevention for a Houston client with 5000 potential attack targets.  This person will be a SME in identifying and documenting data center infrastructure and application vulnerabilities, working from an adversarial perspective.   Upon conclusion of the project, this person would most likely be deployed on a gig with another customer of HP Technology Services.

One or more of the following certifications ideal:
 •   CEH - Certified Ethical Hacker (preferred)
•   GPEN - GIAC Penetration Tester
•   OSCP - Offensive Security Professional
•   ECSA - EC-Council Security Analyst
•   CEPT - Certified Expert Penetration Tester
•   CPTE - Certified Penetration Test Expert
•   PTS - Certified Penetration Test Specialis
A more detailed job description is attached.  
 
•   Scan and exploit vulnerabilities
•   Make recommendations, report findings.
•   Part of a three person hacking team, acting as an adversary, a subversive, taking trophies
•   Work as required during nights, weekends, and holidays as required
•   Respect the Rules of Engagement.
•   Use only approved data center security testing tools.
 

Education
•   BA or BS in CS or security and 8+ years experience in data center infrastructure
•   If no degree, 11+ years of experience in data center infrastructure

   At least a couple of recent years experience in one or more:
 
•   Ethical hacking
•   Pen testing
•   Adversarial attack emulation
•   Security lab fixed asset attack testing
•   OSSTMM or comparable security testing methods
•   Social engineering
 

   Has working knowledge with some of these open source tools / techniques (the more the better):

 
•   Applications scanning
•   Cryptography cracking
•   Fingerprinting
•   Firewall log analyzers
•   Forensics tool kits
•   Fuzzers
•   Hijackers
•   Jail breakers
•   NetBIOS scanning
•   Network pinging
•   Network testing
•   Packet crafting
•   Packet analyzers
•   Password crackers
•   Port scanners
•   Profiling
•   Promiscuous mode detection
•   Root kits
•   Sniffers
•   Steganography detection
•   Vulnerability scanning
•   War dialers
•   Word list generators

   Strong experience with White, Gray, or Black Box security testing ideal
   Understands  ISSF (Info Sys Security Assessment Framework) and OSSTMM (Open Info Systems Security Group – Penetration Testing Methods), Open Source Methods
   Able to make effective client presentations