Cyber Security Consultant role in TX for 6+ Months Contract !!
Houston, TX

Please reply to my official ID: rachel.l...@itbtalent.com

*Top 3 needs:*

- Manual scanning - not just using tools to scan for vulnerabilities. If they can only talk about tools when you ask how they are doing their scans, please do not submit. Need at least a full year of manual scanning background.
- Passionate about cyber security.

4 other testers on team (~10 person team in total | some coordinate what testers do each week | some work with specific vendors).

When they get their weekly assignment, they scan using whatever tools needed but then go in and do all the manual assessments to gather all vulnerabilities. Assess vulnerabilities to see if they are legit or not, and then they have to determine where the issues are (code logic, db or ports level). Because of this, both app and network security strength in skills is very important, but app side is slightly more important. Fix or send to be fixed - documentation. Move to next app.

Combination of projects (application enhancements, add-ons, changes) that need to be tested/re-tested and testing due to yearly/semi-annual/etc. required by compliance rules. Very small amount of "proof of concepts" testing done in lab environment.

OWASP understanding is critical.

Experience is more important than certs – but most of these guys will have the certs anyway.

2 rounds of interviews - open to non-local and hiring off phone screen! 2 on team moved here for the role. He’s actually had good luck with that.

- Interview 1 - phone screen with him and one other person - background and some tech questions
- Interview 2 - phone or f2f - 1 hr with all the testers - exceptionally technical.

Requirements:

- Min 3 years of experience penetration/vulnerability testing for web and thick-client applications in an enterprise environment
- Strong understanding of web technologies, e.g. HTTP, HTML, CSS, Forms, Database Connectivity, etc. (min 1 year Manual Assessment)
- Understanding of compliance and regulatory requirements such as PCI DSS, SOX, HIPAA, etc.
- Full grasp and ability to articulate and/or train others on the “OWASP Top 10” and related concepts
- Minimum 3 years of experience with programming and/or scripting in one or more of the following languages: .NET, Java, PHP, Ruby, Perl, Bash, or similar language (Shows/assess Vulnerabilities consultant will determine if they are real and then look at the code logic to see if issue is there)
- Minimum 3 years of experience with SQL, including a strong understanding of SQL syntax and the ability to perform basic management of MS SQL databases
- Ability to perform manual web application vulnerability assessments without the use of automated tools such as web application scanners
- Ability to capture and analyze network traffic at all seven layers of the OSI model, including ability to discern whether said network traffic contains vulnerabilities and/or sensitive data
- Have a solid grasp of core security fundamentals and concepts, including knowing one’s system, defense in depth, the principle of least privilege, access control, encryption and cryptography, security architecture and design, business continuity and disaster recovery, etc.
- Minimum 3 years of experience with enterprise-level security control implementations, including Network Intrusion Detection/Prevention (NIDS/NIPS), Corporate Antivirus, Enterprise Web Filtering, Data Loss Prevention, Insider-threat Mitigation, Botnet Detection, etc., as well as demonstrable knowledge of the principles and techniques used to bypass said controls.
- Ability to create extremely high quality written reports containing the findings from web and thick-client vulnerability assessments, as well as the ability to articulate those findings to peer technical staff as well as various levels of management

Preference is for candidates with two or more of the following certifications: GSEC, GWAPT, CISSP, GPEN, GXPEN, CISA, CISM, OSCP, OSCE

Regards,
Rachel Lian | Sr Technical Recruiter
Desk No: 201-855-4204
Princeton Forrestal Village
116 Village Blvd, Suite 200
Princeton - New Jersey 08540
rachel.l...@itbtalent.com | Gmail: rachel.lain...@gmail.com
www.itbrainiac.com