IT Security Analyst

767
Published on May 1, 2020 by

CONSULTANT REQUIRED QUALIFICATIONS

  • 10+ years of experience in Information Security and/or Related Field.
  • 5+ years of experience in Red Team operations and/or Penetration Testing
  • Scripting experience in at least one programming language such as Python or PowerShell
  • Knowledge of Operational Technologies/Industrial Controls Systems (HMI, PLC, SCADA)
  • Knowledge of Active Directory concepts
  • Knowledge of Windows internals
  • Knowledge of *nix systems

CONSULTANT PREFERRED QUALIFICATIONS

  • Previous experience conducting full-scope Purple Team engagements
  • Physical security assessment experience (lock picking, security system bypass, etc.)
  • Database experience (Oracle, MSSQL, MySQL, MongoDB)
  • Application fuzzing experience (WSFuzzer, SPIKE, Sulley, etc)
  • Reverse engineering experience/knowledge, data obfuscators, or ciphers
  • Mobile and/or web application assessments
  • Developing, extending, or modifying exploits, shellcode or exploit tools
  • Developing applications in C#, ASP, .NET, ObjectiveC, Go, or Java (J2EE)
  • Source code review for control flow and security flaws

CONSULTANT EDUCATION/CERTIFICATIONS

  • Undergraduate degree in Computer Science, Engineering, or related field
  • GPEN, GXPN, GWAPT, OSCP, or OSCE required
  • CISSP and other relevant certifications preferred.

RESPONSIBILITIES

  • Perform internal and external penetration testing of network infrastructure and applications
  • Perform well controlled vulnerability exploitation/penetration testing on applications, network protocols, and databases
  • Perform network reconnaissance, OSINT, social engineering, and physical security reviews
  • Demonstrate advanced understanding of business processes, internal control risk management, IT controls and related standards
  • Identify and evaluate complex business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement
  • Assist in the selection and tailoring of approaches, methods and tools to support service offering or industry projects
  • Develop comprehensive and accurate reports and presentations for both technical and executive audiences
  • Learn the MTA business environment and basic risk management approaches

Click here to Apply 

 

Category Tag

Add your comment