HP Security Services—Sr. Red Team Ethical Hacker/Security Consultant
This post is for a SENIOR level position but a similar JUNIOR level position is also available. Requires 2+ years datacenter infrastructure experience and 2+ years experience in ethical hacking/pen testing.
Travel: None anticipated; if any, will be limited
Job Location: Houston, TX
Energy Industry experience a plus
FOR ADDITIONAL INFORMATION, CONTACT:
TECHNOLOGY SERVICES RECRUITER
ec dot gee [at] hp dot com
five one two/four 5 two, four 1 one four
Sr. Data Center Security Technical Consultant
A high Impact player who assists with all aspects of the data center cyber security activities. Leads and/or provides expertise to wide and varied security testing initiatives. Sustained and consistent contribution at the data center Red Team activities.
Scan and exploit for a wide variety of data center infrastructure and application vulnerabilities following defined rules of engagement and attack scenarios. Make recommendations on security weaknesses and report on activities and findings. Work as a member of an HP-based ethical hacking team embedded within the client’s data center Cyber Security organization focused on deliberately and purposefully challenging the client’s IT security assumptions, strategies, and methods of protecting vital assets and information by emulating an adversary.
Likely no travel; if any, will be limited
Serve as an integral member of an elite group of data center security testers (ethical hackers) embedded within the client’s Cyber Security group. Think and act as a hacker to subvert and / or bypass existing data center security safeguards and/or measures to infiltrate critical client assets taking trophies as evidence of compromise. Provide a layer of data center security testing capability not included within the client’s current security vulnerability scanning and external penetration testing operations.
8+ years of professional datacenter infrastructure experience and a BA/BS in computer science / security or related or
Without a degree, 11+ years professional datacenter infrastructure experience
One or more of the following certifications preferred:
• GPEN - GIAC Certified Penetration Tester
• OSCP - Offensive Security Certified Professional
• CEH - Certified Ethical Hacker (preferred)
• ECSA - EC-Council Certified Security Analyst
• CEPT - Certified Expert Penetration Tester
• CPTE - Certified Penetration Testing Expert
• CPTS - Certified Penetration Testing Specialist
REQUIRES minimum 2 years RECENT documented experience in the following:
• Ethical hacking
• Penetration testing
• Adversarial attack emulation
• Security lab fixed asset attack testing
• OSSTMM or comparable security testing methodology
• Social engineering
Knowledge & Skills:
Has sufficient depth and breadth of technical knowledge to perform vulnerability scans and exploit detected vulnerabilities across a number of technologies and applications. Demonstrated understanding of the difference between ethical hacking and penetration testing. Ability to approach security testing from an adversarial perspective maintaining the mindset of a hacker while operating ethically within defined rules of engagement with the auspice of a Red Team. Has an understanding, at a detailed level, of architectural dependencies of technologies in use within the customer’s IT environment. Frequently uses product and application knowledge along with internals or architectural knowledge to develop security testing solutions. Extensive experience ideal in one or more penetration testing models to include White, Gray and Black Box security testing.
Working knowledge of open source security testing tools/techniques (the more the better):
Firewall log analyzers
Forensics tool kits
Promiscuous mode detection
Word list generators
Has a working understanding of Information Systems Security Assessment Framework (ISSF) – Open Information Systems Security Group – Penetration Testing Methodology and/or Open Source Security Testing Methodology (OSSTMM).
Has the ability to work in a multi-technology data center environment with the ability to diagnose complex security vulnerabilities to their root cause.
Has the ability to present within own area of expertise as part of a client presentation, putting forward security-specific information within the context of contracted deliverables.
Has demonstrated ability to assist in the design / build of a security testing lab.