Experienced Consultant looking for side work



User avatar


Posts: 210

Joined: Sat Nov 17, 2007 8:26 pm

Location: Detroit, Michigan

Post Sat Nov 17, 2007 9:49 pm

Experienced Consultant looking for side work

Hello EHN community,
I am an experienced penetration tester and computer forensics examiner looking for hourly or contract work.  I am physically located in the Midwest region of the US, but I can work remotely for any global region or time zone.  In addition to my technical skill set I have extensive experience producing professional formal reports, managing large scale engagements, and I regularly present to C level executives.  Currently I am a consultant for one of the Big-4 advisory firms where I manage their penetration testing and vulnerability assessment teams.  My full resume is available upon request.
-Bachelor's & Master's in Computer Science
-BackTrack Suite, Metasploit, Paros, AppScan, Nessus, etc.
-EnCase, Helix, Autopsy, FTK
-C, C++, Ada, LISP, HTML/XML, Java, JavaScript
-(Present) Security Consultant
--Multiple Fortune 100, State/Federal Government customers
        --Several international customers
-Manager of DoD SOC
-Air Intelligence Agency
-Air Force Office of Special Investigations
--Computer Crimes Investigations



Posts: 5

Joined: Tue Apr 01, 2008 3:22 pm

Location: Illinois

Post Thu May 15, 2008 6:12 pm

Re: Experienced Consultant looking for side work

hi there,

i am a technical recruiter looking specifically for security specialists. if you are still looking for opportunities, please feel free to contact me at ac[at]systegration[dot]com or 847-375-8700 x240.

thank you!

andrea cross
Senior Technical/Security Recruiter


Post Thu May 15, 2008 10:53 pm

Re: Experienced Consultant looking for side work

will you be at chicagocon?



Posts: 6

Joined: Tue May 19, 2009 12:10 pm

Post Thu Nov 05, 2009 9:48 am

Re: Experienced Consultant looking for side work

Hi ,

I am not sure about your availability for a new job.
Please let me know if you are available and interested in this position.

I can get you an interview latest by tomorrow morning.

Functional Security Testing
Remote with 20% travel
6+ months contract
• Input validation bypass – Client side validation routines and bounds-checking restrictions are removed to ensure controls are implemented on all application parameters sent to the server.
• SQL injection – Specially crafted SQL commands are submitted in input fields to validate input controls are in place to properly protect database data.
• Cross-site scripting – Active content is submitted to the application in an attempt to cause a user's web browser to execute unauthorized and unfiltered code. This test is meant to validate user input controls.
• Parameter tampering - Query strings, POST parameters, and hidden fields are modified in an attempt to gain unauthorized access to user data or application functionality.
• Cookie poisoning – Data sent in cookies is modified in order to test application response to receiving unexpected cookie values.
• Session hijacking – Client attempts to take over a session established by another user to assume the privileges of that user.
• User privilege escalation – Client attempts to gain unauthorized access to administrator or other users’ privileges.
• Credential manipulation – Client modifies identification and authorization credentials in an attempt to gain unauthorized access to other users’ data and application functionality.
• Forceful browsing – Client enumerates files located on a web server in an attempt to access files and user data not explicitly shown to the user within the application interface.  
• Backdoors and debug options – Many applications contain code left by developers for debugging purposes. Debugging code typically runs with a higher level of access, making it a target for potential exploitation. Application developers may leave backdoors in their code.  Client Business will identify these options that could potentially allow an intruder to gain additional levels of access.
• Configuration subversion – Improperly configured web servers and application servers are common attack vectors.  Client assesses the software features, as well as the application and server configuration for poor configurations.
• HP Software (Formally SPI Dynamics) WebInspect
• Nessus (Infrastructure Testing)
• Tamper Data
• BurpSuite Pro

Vikas Kanoongo
Recruitment | Sales

9055 SW 73rd CT, Unit 1409
Miami, Florida 33156 United States

vkanoongo@ideareboot.com | Work: 315.683.3001 | Fax: 305.397.2534

Join My Linkedin Network http://www.linkedin.com/in/vikaskanoongo
Follow our latest available jobs on Twitter http://twitter.com/ideareboot

Return to Looking For Work

Who is online

Users browsing this forum: No registered users and 0 guests

Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software