Security Testing Consultant
Location: The duties of this position will be performed at our client’s head office in central London as well as site visits to customer locations. The Consultant is expected to work alone, around others, under minimal supervision and under deadlines.
Our client is based in the heart of London and is an award-winning Information Security and Risk Management company with over 15 years’ experience in educating, helping and protecting their clients from the many security threats to their data out there.
Reports to: Service Delivery Manager.
The Security Testing Consultant position is intended to perform and support the core components of our client’s services and product offerings. As such, his/her primary function is to provide security vulnerability assessment, penetration testing, research, analysis, findings documentation and remediation support services to our client’s customers as required. Additionally, the Consultant will assist the company with the design, implementation, configuration, support, testing and monitoring of corporate infrastructure security and access controls.
• Identify, exploit and document security flaws and vulnerabilities with attack simulations on multiple projects working against specific client focused scopes of work.
• Ability to flow from black box to grey box to white box tests dependent on client needs.
• Ability to test a variety of client form factors and technologies based on scopes of work.
• Ability to solve complex technical problems and articulate to non-IT personnel.
• Ability to effectively provide technical risk assessment of technologies in networks, applications, wireless, social engineering, code reviews and war dialling.
• Ability to perform vulnerability assessments and penetration testing, utilizing commercial and open source tools.
• Perform, review and analyse security vulnerability data to identify applicability and false positives.
• Research and develop testing tools, techniques, and process improvements.
• Create risk-based security code reviews (static & dynamic).
• Conduct penetration testing in line with the Open Web Application Security Project.
• Mentor junior engineers to build their skills and contribution levels.
• Write technical reports that include suggested resolution for identified problem areas and perform operational risk assessment.
• Support company through the testing and evaluation of new technologies and security controls.
• Assist and support Risk Factory Security Staff as they perform vulnerability, network and network security assessments.
• May require the performance of other essential functions depending upon work location or assignment.
• Knowledge and understanding of basic information security principles.
• Knowledge of security best practice guidelines (ISO 17799, NIST, OWASP, etc.).
• Relevant professional experience including working knowledge of the following:
• TCP/IP, HTML, XML, CGI, Python, Perl, Java, JavaScript, C++, C#, .NET, networking including IP classes, subnets, multicast, NAT.
• WINS, DNS, and DHCP, Network troubleshooting.
• Microsoft OS, Active Directory and Server technologies.
• Encryption cracking tools.
• Password cracking tools.
• Remote access methods.
• Backup and disaster recovery methodologies.
• Patch management technologies and processes.
• Wireless protocols and services.
• Variety of testing tools such as: Paros, WebScarab, Burp Suite, Nessus, AppScan.
• Familiarity with UNIX a plus.
Essential Skills: Minimum 2 years’ experience of:
• ISO-27001 exposure and experience
• PCI DSS
• UK DPA Security Auditing
• Risk Analysis Experience
• Design and testing experience related to security.
• Experience with security issues in large scale networks.
• Hands on experience with firewalls, routers, bridges, switches and gateway devices, appliances and software.
• Ability to grasp new technology concepts quickly and assist others in understanding them as well.
• Senior-level documentation and project management skills.
• Ability to work in a team environment and interact with people.
• Strong verbal, communication and technical writing abilities.
• Project management skills.
• Possess strong leadership, coaching and mentoring skills.
• Occasional travel, possibly air travel.
• Ability to meet pressured deadlines and time constraints.
Education, Training & Experience:
• Computer Security, Computer Science or Technical degree equivalent (GIAC, CEH).
• Five+ years’ information security technology experience.
• Three+ years’ computer and network security experience.
• Three+ years’ experience managing client projects.
• Three+ years’ information consulting experience.