Post Tue Dec 15, 2009 12:07 pm

Sr. Security Consultant-Assessment Practice

Title: Senior Consultant – Assessment Services
Skills: Vulnerability Assessment, Network Penetration Testing, Application Penetration Testing, Wireless Penetration Testing, Remote and Physical Social Engineering, Network Architecture and Configuration Review, PCI Penetration Testing
Location: Schaumburg
Tax term: FULLTIME 
Pay rate: Based on experience
About Halock: HALOCK Security Labs is a professional services organization focused 100% on information security. HALOCK is a hybrid services firm capable of addressing both the strategic and technical security needs of our clients. We are in partnership with our clients to help them protect critical information assets and meet compliance needs as well as international security standards best practices.
HALOCK offers services in PCI compliance and validation, vulnerability assessments, penetration testing, network security architecture reviews, development of information security management systems, and security solution implementations including SIEM, DLP, and encryption. Our full-time consultants and engineers may be a part of one or more of these service offerings depending on their skills and interests.
HALOCK prides itself on its ability to perform in-depth security assessments across a wide range of technical environments. Tired of the plain vanilla *checklist* audit? Looking to demonstrate your assessment skills with like-minded team members? HALOCK has a unique, challenging and motivated environment for you to further develop your career.
Due to client demand, we are continuing to expand our consulting team. Each client engagement is assigned a dedicated and capable group of consultants, project management, resources, and tools. You will be expected to utilize your skills and abilities to satisfy the scope of the engagement within budgetary requirements.
Job Responsibilities:
 Perform internal and external Vulnerability Scanning using commercial and open source tools
 Perform internal and external network and application penetration testing using a variety of methods, tools, and techniques
 Perform wireless penetration testing using both collaborative and covert methods
 Conduct onsite Social Engineering including persuasion and technical attacks
 Prepare and execute custom remote social engineering testing such as phishing, mock websites, and telephone contact
 Perform hands-on review of network environments, including network device and server configurations, from both an advisory perspective as well as in support of HALOCK's PCI Audit and ISO governance practices
 Exhibit knowledge of PCI, ISO, and NIST standards and demonstrate ability to complete required work papers with detail
 Contribute to HALOCK's Assessment Framework including findings databases, checklists, templates, testing methods and techniques, and research
 Adhere to HALOCK's code of conduct (
 Author detailed assessment reports, including presentation of findings to clients following the conclusion of testing
Required Skills: The ideal candidate must meet the following minimum criteria:
 Five years full time penetration testing experience
 Strong background in network and application technologies
 Excellent technical and business level writing skills
 Ability to multi-task without compromising deadlines and assignment expectations
 Take direction from project management and work as part of a collaborative team
 Previous consulting experience and ability to deliver under pressure
 Strong organizational skills, including ability to deliver with minimal supervision
 Basic to intermediate project management competencies such as following process and protocol for project delivery, ability to identify project risks, project multitasking, and ability to self manage when appropriate
 Ability to execute assessments as defined in proposals, within assigned budgets and due dates
 High motivation, integrity, and commitment to self development
 Strong verbal communication skills
Preferred Skills: The following are ideal but not prerequisites for the role:
 Formal education in Information Security, Information Technology, Computer Science, Engineering or related discipline preferred
 Applicable certifications such as PCI QSA, PCI PA-QSA, C|EH, C|EI, CSSLP, CISSP, CISA, technical certifications such as MCSD, SCJD, SCJP, MCAD, MCPD
 Network design and implementation experience
 Application development experience
Disclosures: All candidates invited to interview will be required to sign strict confidentiality and non-disclosure agreements. Full background checks are performed, with consent, on all successful candidates before employment offers can be extended.
Benefits and Extras:
 Comprehensive benefits package including health, dental, 401(k), long-term disability and more
 Career Roadmap Program with annual performance reviews
 Training and paid certification opportunities
 Strong team culture
 Virtual testing labs

US citizens and Green Card Holders, EAD and TN are encouraged to apply.
We are unable to sponsor H1 candidates at this time
No 3rd parties please
Individuals only need apply
Travel required: Up to 25%
Telecommute: No
Keywords: Information security, assessment, application security, network security, CISSP, PA-QSA, QSA, CISA, PCI, hacking, penetration test, pen test, audit