Position : Security Engineer 10+ year candidates!
12 month assignment Jamaica station location (Queens NY) (Local only) BACKGROUND The ICS Security Group is seeking a consultant to support multiple projects focused on Risk Assessments and Critical Infrastructure Systems. We want to ensure the cybersecurity controls, plans and procedures implemented at the MTA are working as they should. The ideal candidate would work closely with stakeholders to conduct gap analyses and develop compensating controls. RESPONSIBILITIES • Perform internal and external penetration testing of network infrastructure and applications • Perform well controlled vulnerability exploitation/penetration testing on applications, network protocols, and databases • Perform network reconnaissance, OSINT, social engineering, and physical security reviews • Demonstrate advanced understanding of business processes, internal control risk management, IT controls and related standards • Identify and evaluate complex business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement • Assist in the selection and tailoring of approaches, methods and tools to support service offering or industry projects • Develop comprehensive and accurate reports and presentations for both technical and executive audiences • Learn the MTA business environment and basic risk management approaches CONSULTANT REQUIRED QUALIFICATIONS *• 10+ years of experience in Information Security and/or Related Field.* • 5+ years of experience in Red Team operations and/or Penetration Testing • Scripting experience in at least one programming language such as Python or PowerShell *• Knowledge of Operational Technologies/Industrial Controls Systems (HMI, PLC, SCADA)* • Knowledge of Active Directory concepts • Knowledge of Windows internals • Knowledge of *nix systems CONSULTANT PREFERRED QUALIFICATIONS • Previous experience conducting full-scope Purple Team engagements • Physical security assessment experience (lock picking, security system bypass, etc.) • Database experience (Oracle, MSSQL, MySQL, MongoDB) • Application fuzzing experience (WSFuzzer, SPIKE, Sulley, etc) • Reverse engineering experience/knowledge, data obfuscators, or ciphers • Mobile and/or web application assessments • Developing, extending, or modifying exploits, shellcode or exploit tools • Developing applications in C#, ASP, .NET, ObjectiveC, Go, or Java (J2EE) • Source code review for control flow and security flaws CONSULTANT EDUCATION/CERTIFICATIONS • Undergraduate degree in Computer Science, Engineering, or related field • GPEN, GXPN, GWAPT, OSCP, or OSCE required • CISSP and other relevant certifications preferred Thanks and Regards, Muzeeb *Business Development Manager* *Technocraft Solutions LLC| Partner with Xpedantic LLC.* *Email:* [email protected] *Gmail:* [email protected] *LinkedIn:* linkedin.com/in/mohd-muzeeb-837048121/ www.technocraftsol.com <https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.technocraftsol.com%2F&data=02%7C01%7C%7C34f19f872b8541041a9c08d766dae23a%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637090962588359633&sdata=1iXPyx8A%2BvS%2FEWB1lPG8waMLAAB4U8PF5%2BByvprdxas%3D&reserved=0> | www.xpedantic.com <https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.xpedantic.com%2F&data=02%7C01%7C%7C34f19f872b8541041a9c08d766dae23a%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637090962588379648&sdata=mrvLOsztdN1%2B9UsI4FKXbS0wDgoF%2F%2BHjN0fKU4d8bns%3D&reserved=0> -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/android-developers/CAMg%3D-2dXb6LLcoORxaM_c45U09-tqzhR3qqHxx0dD5xwYnK9sw%40mail.gmail.com.
