For more info, contact ec dot gee[at] hp dot com, or call five one two, four 5 two, four one 1 four.
This posting is for a SENIOR level position, but a JUNIOR level pen testing/hacking position is also available. The JUNIOR level position requires 2+ years experience in an IT enterprise infrastructure environment + 2 years experience in pen testing / ethical hacking.
For the SENIOR role, HP is seeking an experienced Ethical Hacker/Pen Tester for a long term, multi-year Houston engagement with one of our largest customers. This is for an HP employee, not a contractor. Limited if any travel. Ethical Hacking/Penetration testing guru, someone well steeped in the art (I think of it as an art) of intrusion detection/prevention for a Houston client with 5000 potential attack targets. This person will be a SME in identifying and documenting data center infrastructure and application vulnerabilities, working from an adversarial perspective. Upon conclusion of the project, this person would most likely be deployed on a gig with another customer of HP Technology Services.
One or more of the following certifications ideal:
• CEH - Certified Ethical Hacker (preferred)
• GPEN - GIAC Penetration Tester
• OSCP - Offensive Security Professional
• ECSA - EC-Council Security Analyst
• CEPT - Certified Expert Penetration Tester
• CPTE - Certified Penetration Test Expert
• PTS - Certified Penetration Test Specialis
A more detailed job description is attached.
• Scan and exploit vulnerabilities
• Make recommendations, report findings.
• Part of a three person hacking team, acting as an adversary, a subversive, taking trophies
• Work as required during nights, weekends, and holidays as required
• Respect the Rules of Engagement.
• Use only approved data center security testing tools.
• BA or BS in CS or security and 8+ years experience in data center infrastructure
• If no degree, 11+ years of experience in data center infrastructure
At least a couple of recent years experience in one or more:
• Ethical hacking
• Pen testing
• Adversarial attack emulation
• Security lab fixed asset attack testing
• OSSTMM or comparable security testing methods
• Social engineering
Has working knowledge with some of these open source tools / techniques (the more the better):
• Applications scanning
• Cryptography cracking
• Firewall log analyzers
• Forensics tool kits
• Jail breakers
• NetBIOS scanning
• Network pinging
• Network testing
• Packet crafting
• Packet analyzers
• Password crackers
• Port scanners
• Promiscuous mode detection
• Root kits
• Steganography detection
• Vulnerability scanning
• War dialers
• Word list generators
Strong experience with White, Gray, or Black Box security testing ideal
Understands ISSF (Info Sys Security Assessment Framework) and OSSTMM (Open Info Systems Security Group – Penetration Testing Methods), Open Source Methods
Able to make effective client presentations