Sirius Computer Solutions Security Consultant - Network Penetration Tester in Boston, Massachusetts
Requisition Number 18-0373
Title Security Consultant - Network Penetration Tester
Description By joining Sirius, you'll become part of one of the top Security consulting organizations in the US. With 44 years of experience across the IT spectrum, we are uniquely positioned to advise enterprise clients on a wide range of security solutions, from leading vendors such as Checkpoint, Cisco, F5, FireEye, Palo Alto, RSA, Symantec (Blue Coat) and many others. Our depth and breadth of solutions will allow you to make an impact at the cutting edge of IT, while growing your expertise and capabilities through our commitment to professional development.
The Security Consultant - Network Penetration Tester is responsible for providing penetration testing, social engineering, vulnerability and technical assessments. The Security Consultant will perform project execution and report preparation activities and findings in support of a client engagement. The Security Consultant will provide expertise in support of the sales organization and be expected to contribute to practice development by way of process improvements and assistance with new offering development.
Primary Duties & Responsibilities
• Conduct penetration testing of external and internal networks, web and mobile applications, WiFi, and social engineering assessments. Candidate should be able to perform manual exploitation of identified vulnerabilities
• Ability to recognize, explain, document and report vulnerabilities and exploits, describing remediation activities, with the ability to effectively communicate the results, in both technical and layman terms, to the appropriate audience.
• Provide sales team with technical and security expertise in support of business development activities. Participate in sales calls, helps scope projects, provides pricing estimates and creates pre and post sales documentation.
• Receive work assignments and timelines from the Practice Lead. Expected to maintain routine cadence with the assigned Project Manager to ensure all interested stakeholders are up-to-date regarding activities and project status.
• Provide clients with consulting services during a contracted engagement. Work within area(s) of expertise (e.g., penetration testing, social engineering testing, framework compliance, etc.).
• Review all findings and recommendations and work with assessment team to determine appropriate actions.
• Understand and identify business processes specific to the client's environment and the appropriate risk management practices. Make recommendations for improvement of processes and controls.
• Create and present clients with reports detailing methodology, findings, recommendations and remediation activities to increase security within the target environment
• Perform other duties as assigned by your manager or practice lead
Requirements Basic Qualifications:
• Bachelor’s Degree in Telecommunications, Engineering, Information Assurance/Security, Computer Science, Management Information Systems, or a related field
• At least three (3) years of consulting and technical experience in one or more of the following: network penetration testing, red teaming, Social engineering tactics and techniques, and network vulnerability assessments.
• Must have a demonstrated technical background and understand system architecture and design, operating systems, network infrastructure, device configuration hardening, and patch and configuration management.
Other Position Requirements -
• Experience with network and WiFi penetration testing
• Experience with physical and social engineering testing
• Experience with programming or scripting languages such as Python, Powershell, Bash, Ruby, Java, XML, SOAP, JSON, AJAX, etc.
• Experience with penetration testing frameworks and tools, such as Kali Linux, The Penetration Testers Framework, Metasploit, Canvas, Cobalt Strike, Burp Suite Pro, Nexpose, Nessus, Wireshark, Nmap, etc.
• Familiarity with security testing standards such as OSSTMM, OWASP and NIST SP 800-115, and an understanding of PCI penetration testing requirements.
• Ability to think creatively when dealing with complex situations and attempting to manipulate and break systems
• Experience with using, administering, and troubleshooting Linux and Windows environments
• Proven TCP/IP and packet analysis skills
• Ability to create project reports to convey complex, technical information clients can understand
• Demonstrated communication and presentation skills, to include the ability to effectively work with clients in a consulting environment
• The ability to work independently with minimal oversight
• Demonstrated ability to manage multiple projects and timelines
• Demonstrated ability to perform technical skills/knowledge transfer to client
• Experience with Web application, Mobile application and API technologies and penetration testing.
• Experience or willingness to perform public speaking
• Offensive Security Certified Professional (OSCP) Certification
• Offensive Security Certified Expert (OSCE) Certification
• GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) Certification
• GIAC Penetration Tester (GPEN) Certification
• GIAC Web Application Penetration Tester (GWAPT) Certification
• Knowledge of emerging security technologies, software, and methodologies
Data Privacy and Security:
• All Sirius employees are responsible to safeguard the information and information systems that they use or handle in the execution of their duties. Employees are obligated to know and perform their duties in accordance with Sirius policies, standards, and procedures related to security and report security violations to the appropriate Sirius authority.
• Participate at hire and annually in the Information Security Awareness training as well as other required training identified by the Human Resources department. Other data privacy and data security related regulatory training may be required based on your role or assignment.
The position exists to provide technical consulting solutions to customers and as such requires the ability to travel to and from customer sites and interact with customers on an ongoing and regular basis.
The above primary duties, responsibilities, and position requirements are not all inclusive.
Sirius is an equal opportunity employer that values diversity. As a government contractor, Sirius takes affirmative action to employ and advance in employment qualified women, minorities, individuals with disabilities, and protected veterans; maintains a drug-free workplace; and participates in E-Verify.
Individuals who receive job offers will be required to complete pre-employment screening that includes a background check verifying name, residences, education, work experience, and criminal convictions consistent with the Fair Credit Reporting Act; and a drug test for controlled substances consistent with the Drug-Free Workplace Act and the Americans with Disabilities Act.
Sirius will not sponsor work eligibility for this position.