Post Fri Oct 01, 2010 12:09 pm

HP Sr. Ethical Hacking Security Consultant --Houston, TX

Sr. HP Ethical Hacking Security Consultant                    

For more info, contact ec dot gee[at] hp dot com, or call five one two, four 5 two, four one 1 four.

This posting is for a SENIOR level position, but a JUNIOR level pen testing/hacking position is also available.  The JUNIOR level position requires 2+ years experience in an IT enterprise infrastructure environment + 2 years experience in pen testing / ethical hacking.

For the SENIOR role, HP is seeking an experienced Ethical Hacker/Pen Tester for a long term, multi-year Houston engagement with one of our largest customers.   This is for an HP employee, not a contractor. Limited if any travel.  Ethical Hacking/Penetration testing guru, someone well steeped in the art (I think of it as an art) of intrusion detection/prevention for a Houston client with 5000 potential attack targets.  This person will be a SME in identifying and documenting data center infrastructure and application vulnerabilities, working from an adversarial perspective.   Upon conclusion of the project, this person would most likely be deployed on a gig with another customer of HP Technology Services.

One or more of the following certifications ideal:
• CEH - Certified Ethical Hacker (preferred)
• GPEN - GIAC Penetration Tester
• OSCP - Offensive Security Professional
• ECSA - EC-Council Security Analyst
• CEPT - Certified Expert Penetration Tester
• CPTE - Certified Penetration Test Expert
• PTS - Certified Penetration Test Specialis
A more detailed job description is attached.  

• Scan and exploit vulnerabilities
• Make recommendations, report findings.
• Part of a three person hacking team, acting as an adversary, a subversive, taking trophies
• Work as required during nights, weekends, and holidays as required
• Respect the Rules of Engagement.
• Use only approved data center security testing tools.

• BA or BS in CS or security and 8+ years experience in data center infrastructure
• If no degree, 11+ years of experience in data center infrastructure

 At least a couple of recent years experience in one or more:

• Ethical hacking
• Pen testing
• Adversarial attack emulation
• Security lab fixed asset attack testing
• OSSTMM or comparable security testing methods
• Social engineering

 Has working knowledge with some of these open source tools / techniques (the more the better):

• Applications scanning
• Cryptography cracking
• Fingerprinting
• Firewall log analyzers
• Forensics tool kits
• Fuzzers
• Hijackers
• Jail breakers
• NetBIOS scanning
• Network pinging
• Network testing
• Packet crafting
• Packet analyzers
• Password crackers
• Port scanners
• Profiling
• Promiscuous mode detection
• Root kits
• Sniffers
• Steganography detection
• Vulnerability scanning
• War dialers
• Word list generators

 Strong experience with White, Gray, or Black Box security testing ideal
 Understands  ISSF (Info Sys Security Assessment Framework) and OSSTMM (Open Info Systems Security Group – Penetration Testing Methods), Open Source Methods
 Able to make effective client presentations
Last edited by ecgee on Fri Oct 01, 2010 3:53 pm, edited 1 time in total.