| Duties & Responsibilities: | Web/Mobile Application Testing Consultant - Penetration testing, web application penetration testing, mobile penetration testing
The Penetration Testing Consultant supports the Security and Risk Consulting / Technical Security Services Team by applying information security threat intelligence to identify and exploit vulnerabilities within our clients’ environments.
The focus areas for this role are one or more of the following:
network testing, wireless network security, web application testing, mobile application testing, physical security, and social engineering.
Role
-Conduct exploitation testing using off-the-shelf or self-developed exploitation tools and document findings for client remediation
-Maintain working knowledge of advanced cyber threat actor tactics, techniques and procedures (TTP), and emulate these TTP to assess vulnerability and risk
-Perform proactive research to identify and understand new threats, vulnerabilities, and exploits
-Produce and deliver vulnerability and exploit information to clients in the form of briefings and reports
-Mentor and train fellow team members in new technologies and techniques
-Document and present on new testing methodologies to internal and external teams
-Develop and document new post-exploitation tools and techniques for use by internal and external customers
-Excel as both a self-directed individual contributor and as a member of a larger team
-Availability for domestic travel and limited international travel up to 50%
-Apply innovation to improve service efficiency and service value
-Suggest or implement enhancements to internal systems
-Interface with Counter Threat Unit (CTU) and Incident Response (IR) teams
-Perform other essential duties as assigned
REQUIRED EXPERIENCE:
-5 years of experience in application testing and red team engagements. Must have actual testing experience.
-Experience with scripting languages such as Python, Ruby, POSIX shell, as well as familiarity with programming languages such as: C/C++/ObjC/C#, Java, PHP, or .NET
-Understanding of:
  o Web protocols (e.g., HTTP, HTTPS, and SOAP)
  o Web technologies (e.g., HTML, JavaScript, XML, AJAX, JSON, and REST)
-Experience with WLAN security concepts and testing
-Strong technical communication skills, both written and verbal
-Ability to explain technical security concepts to executive stakeholders in business language
Certifications in order of preference: OffSec OSWE, SANS GMOB, or SANS GWAPT.
Preferences:
Anyone who has given a con talk on web or mobile testing would be good
-Operating systems administration and internals (Microsoft Windows / Linux)
-Significant plusses for one or more of the following:
experience in social engineering, mobile or cloud application testing, experience with disassembly and debugging tools, exploit development, runtime malware analysis, testing embedded platforms and hardware security, ICS testing experience, and cryptography or cryptanalysis
-Presentation skills and tools (e.g., PowerPoint, Keynote, etc.)
-Significant public security presentation experience is a plus
-5+ years of professional experience in information security or related field
-A Bachelor of Science degree in Computer Science, Computer Engineering, Electrical Engineering, or a related technical field; or equivalent professional experience
|