Client is looking to bring on an experienced Red Team security contractor to supplement internal efforts. Candidate should have all the following technical and professional characteristics as well:
- Cross-functional security experience in at least two areas: Physical Security, Network Security, Personnel Security, Network Penetration, Threat Risk Evaluations
- Min 3 years' experience performing Full Scope Penetration testing engagements
- Min 1 year's experience in penetration/vulnerability testing for web and thick-client applications in an enterprise environment
- Experience with programming and/or scripting in one or more of the following languages: .NET, Java, PHP, Ruby, Perl, Bash, or similar language
- Ability to perform manual web application vulnerability assessments without the use of automated tools such as web application scanners
- Ability to capture and analyze network traffic, including ability to discern whether said network traffic contains vulnerabilities and/or sensitive data
- Have a solid grasp of core security fundamentals and concepts, including knowing one’s system, defense in depth, the principle of least privilege, access control, encryption and cryptography, security architecture and design, business continuity and disaster recovery, etc.
- Minimum 3 years' experience with enterprise-level security control implementations, including Network Intrusion Detection/Prevention (NIDS/NIPS), Corporate Antivirus, Enterprise Web Filtering, Data Loss Prevention (DLP), Insider-threat Mitigation, Botnet Detection, etc., as well as demonstrable knowledge of the principles and techniques used to bypass said controls.
- Ability to create extremely high-quality written reports containing the findings from web and thick-client vulnerability assessments, as well as the ability to articulate those findings to peer technical staff as well as various levels of management