Pen Tester – Big 4 Space – Multiple work locations
Work locations can be based out of the following cities: Chicago, NYC, San Francisco,, Sherman Oaks, Atlanta, or Dallas.
The Information Security Senior Consultant will be responsible for supporting planning, supervising staff, and executing IT Security and Privacy projects. The Information Security Senior Consultant will serve as a project or team lead to ensure high-quality delivery. This position will perform work, as well as oversee the technical work of some junior level personnel. This position will work directly with other project leads, managers, and/or executives to communicate business and technical aspects of the work being performed. The Information Security Senior Consultant will set performance expectations for junior level personnel and provide constructive performance feedback on a regular basis. This position may also assist the engagement economics of the projects, including budget status tracking, billing, and collection analysis. The Information Security Senior Consultant will perform the following responsibilities:
- Conduct and lead Information Security Projects, including:
- Information Security Assessments
- Penetration Testing
- HIPAA Security Risk Assessments
- FFIEC Network Security Assessments
- Cloud Security Reviews
- IT Security Technology Implementations
- Evaluate and/or Implement IS solutions and controls to ensure data security and integrity for our clients.
- Prepare reports or other necessary documentation to detail results of evaluation and otherwise meet the objectives of the Project.
- Submit recommendations to client for corrective action or to support a recommend approach to solving the client’s needs.
- Participate in planning and implementing of client information systems, including structure, process, and security.
- Participates in strategic and tactical objectives to include new product offerings, identify additional client needs, and generating new business leads.
- Correspond with a variety of clients and communicate security issues, recommendations, and deliverables effectively.
- Bachelor’s degree required, candidates must possess significant analytical skills which likely evolved from early academic training in Computer Science, Computer Engineering, or Information Systems
- Minimum 2-4 years of business experience in the areas of Information Security.
- Certified Information Systems Security Professionals (CISSP) or willingness to obtain
- Experience within consulting or professional services, or at leading industry public companies is preferred.
- We require some prior experience supervising junior level resources in the areas of Information Security.
- Knowledge of internetworking technology.
- System and network administration experience on UNIX (any flavor), Windows 2003/2008/2012
- Knowledge of security areas such as Auditing, Policy, Database Security, Firewall Design and Implementation, Risk Analysis, Identity Management, Access Management, or Web Services is very desirable.
- Writing and interpersonal communication skills are expected to be of a high quality.
- The ability to handle multiple projects concurrently is a must.
- This position requires national travel.
Additional Skills Desired:
- CISSP, CCSK, CEH, Microsoft, Cisco, HPUX, other vendor, application, or system certifications.
- Network Security Practices: Auditing, planning, design, implementation, testing, and management
- Operating Systems: Windows/AD, UNIX
- Network infrastructure development/deployment, DNS, Web servers, Email Architecture, DMZ Management
- Network architecture and protocols: TCP/IP, UDP, HTTP, NetBIOS, IPSec, SMTP
- Network firewalls, application gateways, proxy servers
- Database Security: MS SQL, Oracle
- Follow industry best practice methodologies for penetration testing (e.g., OWASP guidelines), and be able to perform both manual penetration testing and automated testing.
- Network Device Access to controls to include Cisco routers and other network devices
- Cryptographic methods and standards: Asymmetric, Symmetric
- Development skills in two of the following: Perl, Ruby, PowerShell and Bash, C++, C#, Java