Senior Professional, Offensive Cyber Operations

Responsibilities

• Be a courageous safety leader, adhere to and sponsor safety and environmental rules and procedures
• Conduct security assessments that can be multi-faceted for both IT and OT environments
• Define the scope for security testing assignments
• Create interactive quality assurance security test reports and other documentation as needed
• Build trusting relationships with clients to develop appropriate remediation plans
• Provide exceptional service in a professional, courteous and timely manner
• Provide thought leadership, direction and advice for the Information Security practice on malware, attack vectors and methods to protect against threats
• Collaborate with colleagues in other service lines in support of needs for Information Security services
• Stay informed on current tools, technologies and vulnerabilities to incorporate into testing practices

Qualifications

• Degree in Computer Science, Information Systems, Engineering or related major from an accredited University or equivalent
• At least three (3) years experience working on vulnerability assessments and penetration tests
• Outstanding critical thinking and analytical skills
• Application and infrastructure penetration testing experience that transcends running automated tools
• A comprehensive understanding of Linux, Windows and network security skills
• Excellent written and verbal communication in English
• Ability to meet deadlines and deliver a high-quality product (reports)
• Thorough and accurate attention to detail
• Ability to work independently and perform as a leader in a collaborative group setting


Familiar with (if not qualified in) test suites such as:
• Nessus
• MetaSploit
• Burp Suite
• Kali
• NMap
• Fortify
• Acunetix


One or more of the following certifications are desired:
• EC-Council Certified Ethical Hacker (CEH)
• EC-Council Licensed Penetration Tester (LPT)
• GIAC Certified Penetration Tester (CPEN)
• IACRB Certified Penetration Tester (CPT)
• Offensive Security Certified Professional (OSCP)
• CREST Registered Tester (CRT)
• CREST Infrastructure Certification
• CESG CHECK Team Leader
• CESG CHECK Team Member
• Tiger Scheme Senior Security Tester
• Tiger Scheme Qualified Security Tester
• Any other recognized penetration testing certification/accreditation

Nice to Haves

• ISO27001 Lead Auditor
• CISSP, CISA, CISM Certifications
• CREST recognized penetration testing certification/accreditation (CREST Certified Tester (CCT) or CHECK Team Leader (CTL)
• Experience developing custom scripts or tools used for vulnerability scanning and identification
• Familiarity with threat modelling and security design review methodologies
• Support team technical progress (e.g. through service development or research) and contribute to company technical processes overall
• Development and/or source code review experience in C/C++, C#, VB.NET, ASP, PHP, or Java and/or Fortify, Veracode, Brakeman and/or IDA Pro
• Proficiency with physical security testing, phishing and social engineering techniques
• Experience with mobile applications such as Android DeBug Bridge (ADS), OWASP ZAP, Drozer, Mobile Security Framework (MobSF), Smartphone Pentest Framework (SPF), Burp Suite, Android SDK, Friday, Cydia and/or IDB