Post Fri Oct 01, 2010 3:40 pm

HP Sr. Ethical Hacker / Pen Tester, Houston TX

Don suggested I paste this information here, rather than having it in an attachment.  I had put a brief description in the posting body, then the more extensive one in the attachment, but it doesnt appear the info in the posting body is visible.  So forgive the duplicate post. 

HP Security Services—Sr. Red Team Ethical Hacker/Security Consultant

This post is for a SENIOR level position but a similar  JUNIOR level position is also available.  Requires 2+ years datacenter infrastructure experience and 2+ years experience in ethical hacking/pen testing. 

Travel:  None anticipated; if any, will be limited

Job Location:  Houston, TX

Timing:  Immediate

Energy Industry experience a plus




ec dot gee [at] hp dot com
five one two/four 5 two, four 1 one four

Sr. Data Center Security Technical Consultant

A high Impact player who assists with all aspects of the data center cyber security activities. Leads and/or provides expertise to wide and varied security testing initiatives. Sustained and consistent contribution at the data center Red Team activities.

Scan and exploit for a wide variety of data center infrastructure and application vulnerabilities following defined rules of engagement and attack scenarios. Make recommendations on security weaknesses and report on activities and findings. Work as a member of an HP-based  ethical hacking team embedded within the client’s data center Cyber Security organization focused on deliberately and purposefully challenging the client’s IT security assumptions, strategies, and methods of protecting vital assets and information by emulating an adversary.

Likely no travel; if any, will be limited

Serve as an integral member of an elite group of data center security testers (ethical hackers) embedded within the client’s Cyber Security group.  Think and act as a hacker to subvert and / or bypass existing data center security safeguards and/or measures to infiltrate critical client assets taking trophies as evidence of compromise.  Provide a layer of data center security testing capability not included within the client’s current security vulnerability scanning and external penetration testing operations.

Experience Required:

8+ years of professional datacenter infrastructure experience and a BA/BS in computer science / security or related  or

Without a degree, 11+ years professional datacenter infrastructure experience

One or more of the following certifications preferred:
• GPEN - GIAC Certified Penetration Tester
• OSCP - Offensive Security Certified Professional
•              CEH - Certified Ethical Hacker (preferred)
•              ECSA - EC-Council Certified Security Analyst
•              CEPT - Certified Expert Penetration Tester
•              CPTE - Certified Penetration Testing Expert
•              CPTS - Certified Penetration Testing Specialist

REQUIRES minimum 2 years RECENT documented experience in the following:

• Ethical hacking
• Penetration testing
• Adversarial attack emulation
• Security lab fixed asset attack testing
• OSSTMM or comparable security testing methodology
• Social engineering

Knowledge & Skills:

Has sufficient depth and breadth of technical knowledge to perform vulnerability scans and exploit detected vulnerabilities across a number of technologies and applications.  Demonstrated understanding of the difference between ethical hacking and penetration testing.  Ability to approach security testing from an adversarial perspective maintaining the mindset of a hacker while operating ethically within defined rules of engagement with the auspice of a Red Team.  Has an understanding, at a detailed level, of architectural dependencies of technologies in use within the customer’s IT environment.  Frequently uses product and application knowledge along with internals or architectural knowledge to develop security testing solutions.  Extensive experience ideal in one or more penetration testing models to include White, Gray and Black Box security testing.

Working knowledge of open source security testing tools/techniques (the more the better):

Applications scanning
Cryptography cracking
Firewall log analyzers
Forensics tool kits
Jail breakers
NetBIOS scanning
Network pinging
Network testing
Packet crafting
Packet analyzers
Password crackers
Port scanners
Promiscuous mode detection
Root kits
Steganography detection
Vulnerability scanning
War dialers
Word list generators

Has a working understanding of Information Systems Security Assessment Framework (ISSF) – Open Information Systems Security Group – Penetration Testing Methodology and/or Open Source Security Testing Methodology (OSSTMM).

Has the ability to work in a multi-technology data center environment with the ability to diagnose complex security vulnerabilities to their root cause.

Has the ability to present within own area of expertise as part of a client presentation, putting forward security-specific information within the context of contracted deliverables.

Has demonstrated ability to assist in the design / build of a security testing lab.