Security Testing Consultant
- Salary: GBP40000 - GBP60000 per annum
- Location: London, England, United Kingdom
- Job Type: Full time
- Company: JCW Search
An Information Security and Risk Management company in London are looking to hire a Security Testing Consultant to provide security vulnerability assessment and penetration testing.
- Identify, exploit and document security flaws and vulnerabilities with attack simulations on multiple projects, working against specific client-focused scopes of work.
- Ability to flow from black box to grey box to white box tests dependent on client needs.
- Ability to test a variety of client form factors and technologies based on scopes of work.
- Ability to solve complex technical problems and articulate to non-IT personnel.
- Ability to effectively provide technical risk assessment of technologies in networks, applications, wireless, social engineering, code reviews and war dialling.
- Ability to perform vulnerability assessments and penetration testing, utilizing commercial and open source tools.
- Perform, review and analyse security vulnerability data to identify applicability and false positives.
- Research and develop testing tools, techniques, and process improvements.
- Create risk-based security code reviews (static & dynamic).
- Conduct penetration testing in line with the Open Web Application Security Project.
- Mentor junior engineers to build their skills and contribution levels.
- Write technical reports that include suggested resolution for identified problem areas and perform operational risk assessment.
- Support company through the testing and evaluation of new technologies and security controls.
- Assist and support Risk Factory Security Staff as they perform vulnerability, network and network security assessments.
- May require the performance of other essential functions depending upon work location or assignment.
- Knowledge and understanding of basic information security principles.
- Knowledge of security best practice guidelines (ISO 17799, NIST, OWASP, etc.).
- Relevant professional experience including working knowledge of the following:
- TCP/IP, HTML, XML, CGI, Python, Perl, Java, JavaScript, C++, C#, .NET, networking including IP classes, subnets, multicast, NAT.
- WINS, DNS, and DHCP, Network troubleshooting.
- Microsoft OS, Active Directory and Server technologies.
- Encryption cracking tools.
- Password cracking tools.
- Remote access methods.
- Backup and disaster recovery methodologies.
- Patch management technologies and processes.
- Wireless protocols and services.
- Variety of testing tools such as: Paros, WebScarab, Burp Suite, Nessus, AppScan.
- Familiarity with UNIX a plus.
- Design and testing experience related to security.
- Experience with security issues in large scale networks.
- Hands on experience with firewalls, routers, bridges, switches and gateway devices, appliances and software.
- Ability to grasp new technology concepts quickly and assist others in understanding them as well.
- Senior-level documentation and project management skills.
- Ability to work in a team environment and interact with people.
- Strong verbal communication and technical writing abilities.
- Project management skills.
- Possess strong leadership, coaching and mentoring skills.
- Occasional travel, possibly air travel.
- Ability to meet pressured deadlines and time constraints.
Education, Training & Experience:
- Computer Security, Computer Science or Technical degree equivalent (GIAC, CEH).
- Five+ years' information security technology experience.
- Five+ years' computer and network security experience.
- Five+ years' experience managing client projects.
- Five+ years' information consulting experience.