App Sec – Senior Consultant – Anywhere USA
Job Area: Information Security Consulting
Title: Senior Consultant (Intermediate-level)
Experience: 3-6 yrs in Information security
Location: Eastern US
Travel: ( Mix of onsite and remote )
Security Clearance: Beneficial, But Not Required
AT&T Consulting Solutions is a wholly owned subsidiary of AT&T (a Fortune Global Top 10 company).
AT&T is looking for a sharp penetration tester for the position of a Senior Consultant located anywhere
in the US to be a part of a dynamic team of experienced security professionals with varied experiences.
AT&T consulting clients range from some of the largest networks in the world to small businesses
requiring security consulting expertise.
Perform network penetration tests for AT&T’s customers’ Internet-accessible and internal applications
and networks. A knowledge of wireless penetration testing and web application development security
strongly desired. Secure Code Review skills a great plus! The candidate should have a deep
understanding of TCP/IP, network discovery, DNS enumeration, vulnerability scanning, exploitation
methods and privilege escalation. The candidate should also have an excellent grasp of web application
exploitation and the OWASP list. The candidate must be able to write objective, detailed reports
explaining security issues.
Bachelors degree or higher, Masters Degree preferred.
Information Security experience of a minimum of three years
Knowledge of Linux, UNIX, Windows and other operating systems
Knowledge of popular databases such as MSSQL, Oracle, and MySQL
Deep Knowledge of TCP/IP, network protocols, firewall evasion, ethical hacking, routing
Experience in evading IDS/IPS, access control lists
Experience with Nmap, Nessus/Qualys, Metasploit, Paros, Kismet, aircrack-ng, etc.
Ability to write customized scripts using at least two of bash, Perl, Ruby, Python
Knowledge of C/C++, Java, C#, etc would be beneficial
Ability to travel 50%-75%, must possess drivers’ license
Strong report writing skills and ability to explain complex security issues to customers
Must be a flexible team player, hard-working, excellent communication and customer-facing
Security certifications such as CISSP, CEH, SANS GSEC, etc. preferred
PCI DSS experience preferred
Strong technical problem / resolution skills
Mid to advanced level infrastructure or security design capabilities for environments that include 10
to 20 security devices, processes or applications.
Mid to advanced level systems administration (UNIX/Linux, Windows, or mainframe)
Knowledge with different application architectures and platforms, their development challenges,
their control configurations, and their inherent security strengths and weaknesses (e.g., ColdFusion,
Mid to advanced level network administration (firewalls, IDS/IPS, network architecture)
Advanced level of methods and knowledge of three or more of the following:
o Vulnerability scanning
o Penetration testing (network, system and application)
o Application Security
o Code Review
o Security event monitoring
Vendor certification or demonstrable in-depth technical expertise with at least three major security
o Examples Only: Symantec, McAfee, VeriSign, Juniper, Checkpoint, Cisco, Arcsite, Tripwire,
o Demonstrable experience includes being able to gather customer requirements, design a
solution, specify a build of materials, implement, tune/optimize, maintain or troubleshoot at
an architecture component level for an existing solution
Knowledge and experience with risk and compliance assessments
Bi-lingual candidates a plus