Key activities as part of security incident response will consist in:
• Penetration testing, including web application penetration testing
•Ethical Hacking (An ethical hacker should use constructive methods as opposed to the destructive methods adopted by the malicious hacker. The intent behind an ethical hacker's actions is to protect and rectify systems of their vulnerabilities. An ethical hacker is convinced that he can change something by means of constructively using his skills. He is reliable and trustworthy since he might discover information about the organization that should remain confidential)
•As well as a sound knowledge of Information Security and a good understanding of present technical threats, you’ll also be able to demonstrate real insight into current mainstream software platforms and an ability to identify weaknesses and countermeasures
•Identify and manage legal liabilities relating to security
•Create and deliver reports with findings and recommended mitigations
•Participate in reviewing the Systems configuration security baselines
•Keep knowledge up-to-date
•Formulate effective advisories, alerts, and management briefings
•Understanding the fundamental causes of vulnerabilities
•Analyzing and coordinating response to reported vulnerabilities
•Publishing effective CERT information
EDUCATION, KNOWLEDGE, SKILLS AND EXPERIENCE
- Hands on experience and skill sets associated with heterogeneous infrastructures, operating systems, wireless technologies, advanced networking and secure topology design, vulnerability scanning and management etc.
- Network protocols and network hardware, e.g. routers, switches, firewalls, proxies, Intrusion Detection/Prevention Systems, Honeypot and other security products
- Vulnerability Scanners, e.g. Nessus, nmap, Retina, Appscan, GFI, etc.
- Penetration testing skills including the use of relevant tools and technologies
- Demonstrate a thorough understanding of 'Ethical Hacking' characteristics and expertise from a 'white hat' perspective
- Knowledge of databases, applications, and web server design and implementation
- Experienced Windows and Unix/Linux operating systems and security
- Programming language experience in one or all of the following: Java, Visual Basic, C/C++, PHP, Perl, etc
The successful candidate must have at least 5 years experience in security & pen testing, be able to attend a face-to-face interview in Luxembourg and work full-time (8h a day, 5 days a week) in my client's premises.
Any questions ? Interested ? Feel free to contact me at firstname.lastname@example.org