Red Team Penetration Testing Consultant
Job Role: Red Team Penetration Testing Consultant
Location: Home Based
Salary/Rate: Excellent Salary
Start Date: ASAP
Clearance: SC Clearance or willing to undergo
Red Team Penetration Testing Consultant - Permanent - Home Based - Excellent Salary
- This role will involve identification of vulnerabilities and recommendation of corrective action. The role will be hands-on working on customer sites, home-based or on the client sites.
- Consultants will conduct analysis, research and vulnerability assessments of customer enterprises across the spectrum, from social engineering (including physical access) to technological compromise of devices and networks.
- The successful candidate will deliver end-to-end Red Teaming engagements which may include social engineering, infrastructure, web application and attack scenarios.
- In addition to being technically proficient within the realms of offensive red teaming, the successful candidate will also possess a solid understanding of mitigation and defensive controls which can be articulated to clients.
Reporting to the Team Leader, the successful candidate will have a passion for cyber research and uncovering the unknown about security threats and threat actors.
- Perform Red Team engagements
- Deliver penetration testing & vulnerability assessments of web application and infrastructure environments
- Write full and accurate reports based on the findings of each engagement, providing tailored remediation advice to increase client security
- Support the Lead Consultant with Red Team tooling and infrastructure development to facilitate successful client engagements including products and self-developed exploitation tools
- Utilise and develop the Red Team methodology and innovate techniques and tools to further enhance the company's offering
- Keep up to date with the latest IT Security issues, tools, techniques and procedures to ensure the Professional Services team successfully increases client cyber security maturity through emulation of these to assess cyber risk
- Where required, support business development teams with technical support during later phases of solution design.
- Delivered technical Red Team cyber security assessments and/or have designed methodologies and processes for these engagements
- As good working knowledge of security in the following areas: Windows Active Directory, Web application security and vulnerabilities, NIPS and HIPS, File Integrity Monitoring, Firewalls
- DLP, 2FA, Certificates, Wireless, Network Policy Management, Firewalls, IPS, AAA, routers/switches, physical security, social engineering, Citrix and Virtualisation etc
- Demonstrated knowledge of Linux/UNIX & Windows operating systems
- A detailed understanding of the TCP/IP networking stack & network technologies
- Detailed cyber security knowledgeable and an in-depth understanding of business risk and cyber security service delivery
- At least 2 years of experience in performing small to medium-sized PS engagements and/or penetration tests
- Demonstrably strong skills and evidence of delivery in some of the following security domains:
- Red Team engagements (including cyber evasion and physical access techniques)
- Social engineering (including phishing and/or vishing)
- OSINT analysis and assessments
- Infrastructure penetration testing
- Web application penetration testing
- Experience with security tools such as Nmap, Metasploit, Kali Linux, Nessus, Burp Suite Pro etc. as well as other commercial or self-developed tools
- Strong attention to detail in reviewing own work to ensure accurate service delivery and analytic output
- CREST CRT or equivalent level of IT security related certification
- Bachelor of Science degree in Computer Science, Computer Security or a related technical field or equivalent professional experience
- Ability to explain technical concepts and findings to senior, non-technical stakeholders in a business risk orientated language
- Experience in a common scripting language such as python, ruby, bash
- Tool development experience as part of a Red Team engagement
- Knowledge of a programming language
- Experience speaking at conferences and involvement in the wider information security community
- Technical writing including the publication of technical whitepapers
- Experience in delivering services or service within government agencies
- Experience within finance, insurance or critical national infrastructure sectors
- CREST CCT, OCSP certifications
You will be required to hold a minimum of SC security clearance. If you do not hold an active SC clearance please familiarise yourself with the vetting process before applying.
Hit the 'Apply now' button to apply and to discuss this role further. We will be delighted to hear from you!
(c) Copyright Datasource Computer Employment Limited 2017.
This job was originally posted as www.totaljobs.com/job/76715421