Saturday, September 28, 2013

Security Consultant - Assessments at Boston

Job Description

Overview:

Candidates can live anywhere in the continental U.S.

A Security Consultant on the Security Assessments team is a highly skilled penetration tester capable of performing complex assessments while maintaining a business focus and meeting client requirements. This position will work both independently and as part of a team to perform Security Assessments including: vulnerability assessments, penetration tests, wireless security assessments and social engineering. A Security Consultant also contributes to the development and continuous improvement of the Security Assessment practice through various team and industry contributions.

Responsibilities:
  • Assess an organization's network security posture through the use of automated tools and manual techniques to identify and verify common security vulnerabilities
  • Use creative approaches to identify vulnerabilities that are commonly missed in security assessments
  • Exploit vulnerabilities and identify specific, meaningful risks to clients based on industry and business focus
  • Perform complex wireless attacks both against wireless clients and access points
  • Use social engineering techniques to obtain sensitive information, network access and physical access to client sites
  • Assess physical security controls by lock picking, camera evasion, tailgating, dumpster diving and other evasive techniques
  • Execute opportunistic, blended and chained attack scenarios that combine multiple weaknesses to compromise client environments
  • Create comprehensive assessment reports that clearly identify root cause and remediation strategies
  • Interface with client personnel to gather information, clarify scope and investigate security controls
  • Execute projects using FishNet Security's established methodology, tools and documentation
  • Report to FishNet Security management and Project Managers and provide weekly status reports
  • Collaborate with other team members and practices to complete client projects and practice contributions
  • Maintain industry credentials/certifications
  • Participate in industry conferences to include delivering presentations
  • Actively contribute to 6Labs (FishNet Security Thought Leadership forum)
  • Provide support in the ongoing development of security assessment offerings through tool creation and process improvement
  • Perform other duties as assigned

Job Requirements

Required Experience and Education:

  • Bachelor's Degree (B.A.) from a four-year college or university in Computer Science, Management Information Systems, Engineering or Information Assurance or related area of study; or four or more years related experience and/or training; or equivalent combination of education and experience required
  • Minimum 3 years of Information Security experience required
  • Minimum 2 years of practice specific experience required
  • Experience performing Security Assessments work (vulnerability, penetration tests, wireless security and social engineering) on a full-time basis for at least the past year required
  • Minimum 1 year of client facing consulting experience required
  • OSCP, OSCE, GIAC, CISSP certifications strongly preferred
  • Demonstrated ability to deliver projects using well-defined methodology across various security assessment disciplines including:
    • Network Vulnerability Assessments
    • Penetration Tests
    • Wireless Network Security Assessments
    • Social Engineering (Telephony, onsite and remote pre-texting, spear phishing, etc.)
    • Physical Security Assessments (Tailgating, lock picking, camera evasion, dumpster diving, etc.)
    • VoIP Security & War Dialing
    • Product/Hardware Security Assessments
    • Web application Vulnerability Assessments (SQLi, XSS, Session management issues, etc.)
  • Ability to combine multiple separate findings to identify complex blended vulnerabilities that would not be exploitable as a result of a single weakness
  • Ability to identify, describe and report vulnerabilities and standard remediation activities, to include clear demonstration of risk to clients through post-exploitation activities
  • Mastery of commercial and open source security tools required (e.g. Nessus, Nexpose, SAINT, Qualys, Burp, Nmap, Kali, Metasploit, Meterpreter, Wireshark, Kismet, Aircrack-ng, etc.)
  • Familiarity with many different network architectures, network services, system types, network devices, development platforms and software suites required (e.g. Linux, Windows, Cisco, Oracle, Active Directory, JBoss, .NET, etc.)
  • Excellent verbal and written communication skills required
  • Demonstrated ability to create comprehensive assessment reports
  • Must be able to work well with customers and self-manage through difficult situations, focus on client satisfaction
  • Ability to convey complex technical security concepts to technical and non-technical audiences including executives
  • Ability to work both independently as well as on teams
  • Proven ability to review and revise reports written by peers
  • Experienced at writing technical proposals, statements of work, white papers, presentations and project documentation. Strong attention to detail required.
  • Demonstrated effective time management skills, ability to balance multiple projects simultaneously and ability to take on large and complex projects with little or no supervision required
  • Motivation to constantly improve processes and methodologies
  • Passion for creating tools and automation to make common tasks more efficient
  • Knowledge of programming and scripting for development of security tools
  • Ability to deliver presentations at industry conferences, Blog post writing skills
  • Willingness to collaborate and share knowledge with team members

Physical Requirements:

  • Able to travel anywhere domestically and internationally by air, train, taxi, car or bus for prolonged periods of time
  • Should be physically capable of doing war driving/war walking on a large corporate campus, e.g., multi-building, multi-level environments
  • Ability to perform evasion techniques and social engineering tasks to include dumpster diving and other physically demanding tasks necessary to infiltrate a client's facility/organization

Although FishNet Security has attempted to accurately and thoroughly describe this position, we reserve the right to change, add to or subtract from the duties outlined, within the sole discretion of FishNet Security, at any time, with or without advance notice.

FNS is an Equal Opportunity Employer and does not discriminate against any employee or applicant on the basis of race, creed, color, sex, sexual orientation, age, marital status, handicap, disability, religion, national origin, military service, or any other protected category. We have established an Affirmative Action program to initiate and promote equal employment opportunities. As an Affirmative Action Employer, we make every effort to ensure that our workforce represents the diversity of our labor market and that minority group members are given full consideration for development and advancement within our employment structure.

Country: USA, State: Massachusetts, City: Boston, Company: Fishnet Security.
